npm

Severity: moderate

Denial of Service

js-yaml

Overview

Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. When js-yaml parses a carefully crafted YAML file, the Node.js process stalls and may exhaust system resources, leading to a Denial of Service.

Remediation

Upgrade to version 3.13.0.

Advisory timeline

  1. Advisory Published: Mar 21st, 2019