Lucene search
+L

4141 matches found

redhat
redhat
added last week4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
redhat
redhat
added last week4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.6 views

PT-2026-57343

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.1 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.4 Description Unsafe YAML tag processing during Kustomize bake operations in rosco manifests can...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References15
osv
osv
added 2026/07/09 6:18 p.m.1 views

SUSE-SU-2026:2824-1 Security update for alloy

This update for alloy fixes the following issues - CVE-2026-10722: github.com/cilium/ebpf: BTF string offset boundary check can lead to crash when parsing malformed ELF/BTF input bsc1267811. - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html:...

10CVSS6.8AI score0.00533EPSS
Exploits6References39
redhatcve
redhatcve
added 2026/07/09 11:16 a.m.6 views

CVE-2026-59868

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6AI score0.00358EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/09 9:45 a.m.6 views

CVE-2026-59870

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References6
snyk
snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
snyk
snyk
added 2026/07/09 8:43 a.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
cve
cve
added 2026/07/09 5:45 a.m.15 views

CVE-2026-47826

CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/07/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js- yaml can spend quadratic CPU time parsing a document...

7.5CVSS6.1AI score0.0037EPSS
Exploits1References3
nessus
nessus
added 2026/07/09 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addIte...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References2
nessus
nessus
added 2026/07/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-59868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js- yaml can spend quadratic CPU time parsing a document...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References2
snyk
snyk
added 2026/07/08 6:47 p.m.9 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An...

8.2CVSS6.5AI score0.0037EPSS
Exploits2References2
snyk
snyk
added 2026/07/08 6:47 p.m.6 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An attacker...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
snyk
snyk
added 2026/07/08 6:47 p.m.6 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
osv
osv
added 2026/07/08 4:16 p.m.3 views

DEBIAN-CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS7AI score0.0037EPSS
Exploits1References1
nvd
nvd
added 2026/07/08 4:16 p.m.11 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS0.00358EPSS
Exploits1References3
nvd
nvd
added 2026/07/08 4:16 p.m.8 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
osv
osv
added 2026/07/08 4:16 p.m.2 views

UBUNTU-CVE-2026-59868

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References3
osv
osv
added 2026/07/08 4:16 p.m.3 views

UBUNTU-CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References3
Rows per page
Query Builder