<p>There is no fixed version for <code>infraserver</code>.</p>

Arbitrary Code Execution Affecting infraserver package, versions *

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-INFRASERVER-595968
published 2 Sep 2020
disclosed 2 Sep 2020
credit Snyk Security Team

Report a new vulnerability Found a mistake?

Introduced: 2 Sep 2020

CWE-94 Open this link in a new tab First added by Snyk

How to fix?

There is no fixed version for infraserver.

Overview

infraserver is a data server

Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

References

GitHub PR
Vulnerable Code
Vulnerable Code