Vulnerabilities |
2 via 2 paths |
|---|---|
Dependencies |
29 |
Source |
GitHub |
Find, fix and prevent vulnerabilities in your code.
medium severity
new
- Vulnerable module: js-yaml
- Introduced through: yaml-front-matter@4.1.1
Detailed paths
-
Introduced through: gulp-mvb@dennisreimann/gulp-mvb › yaml-front-matter@4.1.1 › js-yaml@3.15.0
Overview
js-yaml is a human-friendly data serialization language.
Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and significantly degrade service availability by submitting malicious YAML documents.
Remediation
Upgrade js-yaml to version 4.2.0 or higher.
References
medium severity
new
- Vulnerable module: markdown-it
- Introduced through: markdown-it@14.1.1
Detailed paths
-
Introduced through: gulp-mvb@dennisreimann/gulp-mvb › markdown-it@14.1.1Remediation: Upgrade to markdown-it@14.2.0.
Overview
markdown-it is a modern pluggable markdown parser.
Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the replaceAt() function in the smartquotes rule when processing markdown input with a large number of consecutive quotation marks and the typographer option enabled. An attacker can cause excessive CPU consumption and disrupt service availability by submitting specially crafted markdown content containing many quote characters.
Remediation
Upgrade markdown-it to version 14.2.0 or higher.