Denial of Service in js-yaml

2019-06-05T14:35:29
ID GHSA-2PR6-76VF-7546
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:35:49

Description

Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. When a carefully crafted YAML file is parsed, the Node.js process stalls and may exhaust system resources, leading to a Denial of Service.

Recommendation

Upgrade to version 3.13.0.
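
To confirm that no copy of js-yaml below 3.13.0 remains in a dependency tree, including copies pulled in transitively, the following added example (not part of the advisory or of js-yaml) scans a parsed package-lock.json. The sample lockfile and the package name example-linter are constructed for illustration.

```javascript
// Added example: flag js-yaml copies older than the fixed release 3.13.0.
const FIXED = [3, 13, 0];

// true = below 3.13.0, false = 3.13.0 or later, null = not a plain semver string.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return null; // e.g. a git URL: needs manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return m[4] !== undefined; // a pre-release of 3.13.0 sorts before 3.13.0
}

// Handles both lockfile layouts: the flat "packages" map (lockfileVersion 2/3)
// and the nested "dependencies" tree (lockfileVersion 1).
function findAffectedJsYaml(lock) {
  const hits = [];
  const check = (where, version) => {
    const below = isBelowFixed(version);
    if (below !== false) hits.push({ where, version, status: below ? 'affected' : 'review' });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/js-yaml' || path.endsWith('/node_modules/js-yaml')) {
      check(path, meta.version);
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === 'js-yaml') check(trail.concat(name).join(' > '), meta.version);
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []); // avoid double-counting in v2 files
  return hits;
}

// Constructed sample: a patched top-level copy and an old nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    'js-yaml': { version: '3.13.1' },
    'example-linter': { // hypothetical package
      version: '1.0.0',
      dependencies: { 'js-yaml': { version: '3.12.2' } },
    },
  },
};
console.log(findAffectedJsYaml(SAMPLE_LOCK));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json instead of SAMPLE_LOCK.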