Arbitrary Code Execution
js-yaml is vulnerable to arbitrary code execution. The vulnerability exists through the usage of unsafe load function, which allows attackers to inject arbitrary code via a malicious YAML file using objects that have toString as key, JavaScript code as value and are used as explicit mapping keys...