Vulnerabilities

 1 via 1 paths

Dependencies

 170

Source

 GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: js-yaml
  • Introduced through: js-yaml@4.1.1

Detailed paths

  • Introduced through: kastell@kastelldev/kastell js-yaml@4.1.1
    Remediation: Upgrade to js-yaml@4.2.0.

Overview

js-yaml is a human-friendly data serialization language.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and significantly degrade service availability by submitting malicious YAML documents.

Remediation

Upgrade js-yaml to version 4.2.0 or higher.

References

Inefficient Algorithmic Complexity vulnerability report