Lucene search
K

108 matches found

RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-59869

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References8
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-58486 HedgeDoc: Denial-of-service via YAML alias expansion in note frontmatter

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...

8.3CVSS0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59870

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js- yaml can spend quadratic CPU time parsing a document...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References2
Snyk
Snyk
added last week8 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An...

8.2CVSS6.5AI score0.0037EPSS
Exploits2References2
Snyk
Snyk
added last week5 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
Snyk
Snyk
added last week5 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An attacker...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
NVD
NVD
added last week8 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
NVD
NVD
added last week11 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS0.00358EPSS
Exploits1References3
CVE
CVE
added last week7 views

CVE-2026-59868

The CVE-2026-59868 Issue: js-yaml (JavaScript YAML parser/dumper) is vulnerable when merge keys are enabled. From versions 5.0.0 up to 5.2.0, a chain of mappings using merge keys can cause quadratic CPU time on documents that grow linearly, leading to DoS under some inputs. A fix was released in ...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
OSV
OSV
added 2026/06/30 7:49 a.m.3 views

OPENSUSE-SU-2026:21176-1 Security update for python-pytest-html

This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - Revendor updating shell-quote and js-yaml deps: - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a denial of service bsc1269361 - CVE-2026-53550: js-yaml: quadratic complexity when...

8.7CVSS5.7AI score0.0036EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/24 2:35 a.m.9 views

SUSE CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...

5.3CVSS6AI score0.00259EPSS
Exploits1References4
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 4:16 p.m.4 views

UBUNTU-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/22 2:59 p.m.16 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 2:59 p.m.2 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS6.2AI score0.00259EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/22 2:59 p.m.6 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:59 p.m.3 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder