| Vulnerabilities | 1 via 27 paths |
|---|---|
| Dependencies | 100 |
| Source | GitHub |
medium severity
new
- Vulnerable module: js-yaml
- Introduced through: @changesets/cli@2.31.0
Detailed paths
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-dependents-graph@2.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/config@3.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/git@3.0.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/apply-release-plan@7.1.1 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/assemble-release-plan@6.0.10 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/pre@2.0.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/config@3.1.4 › @changesets/get-dependents-graph@2.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/assemble-release-plan@6.0.10 › @changesets/get-dependents-graph@2.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/config@3.1.4 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/apply-release-plan@7.1.1 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/assemble-release-plan@6.0.10 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/apply-release-plan@7.1.1 › @changesets/config@3.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/config@3.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/apply-release-plan@7.1.1 › @changesets/git@3.0.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/read@0.6.7 › @changesets/git@3.0.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/assemble-release-plan@6.0.10 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/pre@2.0.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/apply-release-plan@7.1.1 › @changesets/config@3.1.4 › @changesets/get-dependents-graph@2.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/config@3.1.4 › @changesets/get-dependents-graph@2.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/assemble-release-plan@6.0.10 › @changesets/get-dependents-graph@2.1.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/apply-release-plan@7.1.1 › @changesets/config@3.1.4 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/config@3.1.4 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/assemble-release-plan@6.0.10 › @changesets/should-skip-package@0.1.2 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
- Introduced through: composer@cmpsr/composer › @changesets/cli@2.31.0 › @changesets/get-release-plan@4.0.16 › @changesets/read@0.6.7 › @changesets/git@3.0.4 › @manypkg/get-packages@1.1.3 › read-yaml-file@1.1.0 › js-yaml@3.14.2
Overview
js-yaml is a JavaScript parser and serializer for YAML, a human-friendly data serialization language.
Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and significantly degrade service availability by submitting malicious YAML documents.
Remediation
Upgrade js-yaml to version 4.2.0 or higher.