Lucene search
+L

4172 matches found

Snyk
Snyk
added 2026/07/08 6:47 p.m.6 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:47 p.m.6 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An attacker...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
NVD
NVD
added 2026/07/08 4:16 p.m.11 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS0.00358EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 4:16 p.m.3 views

DEBIAN-CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS7AI score0.0037EPSS
Exploits1References1
NVD
NVD
added 2026/07/08 4:16 p.m.8 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
OSV
OSV
added 2026/07/08 4:16 p.m.3 views

UBUNTU-CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 4:16 p.m.3 views

UBUNTU-CVE-2026-59868

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 4:16 p.m.4 views

UBUNTU-CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6.1AI score0.0037EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/08 3:18 p.m.35 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS0.00358EPSS
Exploits1References3
CVE
CVE
added 2026/07/08 3:18 p.m.8 views

CVE-2026-59868

The CVE-2026-59868 Issue: js-yaml (JavaScript YAML parser/dumper) is vulnerable when merge keys are enabled. From versions 5.0.0 up to 5.2.0, a chain of mappings using merge keys can cause quadratic CPU time on documents that grow linearly, leading to DoS under some inputs. A fix was released in ...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/08 3:18 p.m.5 views

CVE-2026-59868

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS6AI score0.00358EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/07/08 3:18 p.m.7 views

CVE-2026-59868

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6.5AI score0.00358EPSS
Exploits1
OSV
OSV
added 2026/07/08 3:18 p.m.3 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS6.6AI score0.00358EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/07/08 3:15 p.m.6 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6AI score0.0037EPSS
Exploits1
Cvelist
Cvelist
added 2026/07/08 3:15 p.m.36 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
CVE
CVE
added 2026/07/08 3:15 p.m.26 views

CVE-2026-59869

js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...

7.5CVSS6AI score0.0037EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/07/08 3:15 p.m.3 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS7AI score0.0037EPSS
Exploits1References7
CVE
CVE
added 2026/07/08 3:13 p.m.10 views

CVE-2026-59870

CVE-2026-59870 affects js-yaml prior to 5.2.1. The YAML11_SCHEMA’s handling of the !!omap tag in omap.ts performs a linear duplicate-key scan on each insertion, causing O(n^2) CPU usage when yaml.load() parses crafted ordered-map documents. Red Hat and NVD entries confirm this results in CPU-inte...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/08 3:13 p.m.6 views

EUVD-2026-42300

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

5.3CVSS6AI score0.00358EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56490

Name of the Vulnerable Software and Affected Versions js-yaml versions 3.0.0 through 3.14.x js-yaml versions 4.0.0 through 4.2.x Description js-yaml can consume quadratic CPU time when parsing a document that grows linearly in size. This occurs when a chain of mappings utilizes merge keys, where...

7.5CVSS6AI score0.0037EPSS
Exploits1References13
Rows per page
Query Builder