Vulnerabilities

2 via 2 paths

Dependencies

29

Source

GitHub

Find, fix and prevent vulnerabilities in your code.

Severity
  • 2
Status
  • 2
  • 0
  • 0

medium severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: js-yaml
  • Introduced through: yaml-front-matter@4.1.1

Detailed paths

  • Introduced through: gulp-mvb@dennisreimann/gulp-mvb yaml-front-matter@4.1.1 js-yaml@3.15.0

Overview

js-yaml is a human-friendly data serialization language.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and significantly degrade service availability by submitting malicious YAML documents.

Remediation

Upgrade js-yaml to version 4.2.0 or higher.

References

medium severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: markdown-it
  • Introduced through: markdown-it@14.1.1

Detailed paths

  • Introduced through: gulp-mvb@dennisreimann/gulp-mvb markdown-it@14.1.1
    Remediation: Upgrade to markdown-it@14.2.0.

Overview

markdown-it is a modern pluggable markdown parser.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the replaceAt() function in the smartquotes rule when processing markdown input with a large number of consecutive quotation marks and the typographer option enabled. An attacker can cause excessive CPU consumption and disrupt service availability by submitting specially crafted markdown content containing many quote characters.

Remediation

Upgrade markdown-it to version 14.2.0 or higher.

References