CVE-2026-59869
js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...