2 matches found
CVE-2026-59868
The CVE-2026-59868 Issue: js-yaml (JavaScript YAML parser/dumper) is vulnerable when merge keys are enabled. From versions 5.0.0 up to 5.2.0, a chain of mappings using merge keys can cause quadratic CPU time on documents that grow linearly, leading to DoS under some inputs. A fix was released in ...
CVE-2026-59868
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...