Vulnerabilities: 1 via 3 paths
Dependencies: 193
Source: GitHub


high severity

GPL-3.0 license

  • Module: ffmpeg-static
  • Introduced through: ffmpeg-static@4.4.1

Detailed paths

  • Introduced through: ytkit@maggiben/ytkit › ffmpeg-static@4.4.1

medium severity (new)

Inefficient Algorithmic Complexity

  • Vulnerable module: js-yaml
  • Introduced through: cli-ux@5.6.7, @oclif/plugin-help@5.2.20 and others

Detailed paths

  • Introduced through: ytkit@maggiben/ytkit › cli-ux@5.6.7 › js-yaml@3.15.0
  • Introduced through: ytkit@maggiben/ytkit › @oclif/plugin-help@5.2.20 › @oclif/core@2.16.0 › js-yaml@3.15.0
    Remediation: Upgrade to @oclif/plugin-help@6.1.0.
  • Introduced through: ytkit@maggiben/ytkit › @oclif/plugin-update@2.2.0 › @oclif/core@1.26.2 › js-yaml@3.15.0
    Remediation: Upgrade to @oclif/plugin-update@4.3.0.

Overview

js-yaml is a JavaScript implementation of YAML, a human-friendly data serialization language.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair() function in loader.js when handling repeated aliases in merge sequences. An attacker who can submit a crafted YAML document for parsing can exhaust CPU resources and significantly degrade service availability.

Remediation

Upgrade js-yaml to version 4.2.0 or higher.
