npm

Severity: high

Denial of Service

yar

Overview

Versions of yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value.

When an invalid encrypted session cookie value is provided, the process will crash.

Remediation

Update to version 2.2.0 or later.
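
The failure class described in the overview, shown beside a hardened decoder, as an added example that is not yar's code. The AES-256-GCM cookie layout, the key and all function names are assumptions made for illustration, and the sample cookie values are constructed.

```javascript
'use strict';
const crypto = require('crypto');

// Constructed key for this example; a real service loads it from secret storage.
const KEY = crypto.createHash('sha256').update('constructed-example-password').digest();

// Assumed cookie layout: base64url(iv[12] || tag[16] || ciphertext), AES-256-GCM.
function seal(session) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(session), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Fragile decode: throws on a short value, a failed tag check or bad JSON.
// If nothing on the request path catches it, the exception ends the process.
function unsealUnsafe(value) {
  const raw = Buffer.from(value, 'base64url');
  const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Hardened decode: any invalid cookie means "no session", never an exception.
function unsealSafe(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 4096) return null;
  try {
    const session = unsealUnsafe(value);
    return session !== null && typeof session === 'object' ? session : null;
  } catch (err) {
    return null; // caller starts a fresh session and clears the bad cookie
  }
}

// Constructed invalid cookie values for a regression test.
function invalidSamples() {
  const good = seal({ user: 'alice' });
  const flipped = good[40] === 'A' ? 'B' : 'A'; // alters one ciphertext character
  return ['', 'x', '%%%not-base64%%%', good.slice(0, 20),
    good.slice(0, 40) + flipped + good.slice(41)];
}
```

Running every value from `invalidSamples()` through the cookie-handling path in a test suite confirms that a malformed cookie is rejected instead of taking the process down.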


Advisory timeline

  1. reported

    Initial report by Reid Burke
    Oct 17th, 2015
  2. published

    Advisory published
    Jun 16th, 2014