Severity: moderate

Denial of Service



Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.


Upgrade to version 3.13.0.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Mar 21st, 2019