Severity: moderate

    Denial of Service

    js-yaml

    Overview

    Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

    Remediation

    Upgrade to version 3.13.0.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      Mar 21st, 2019