Vulnerability Database

318,003

Total vulnerabilities in the database

Denial of Service in js-yaml

Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Recommendation

Upgrade to version 3.13.0.

Published: Jun 5, 2019
Updated: Apr 14, 2023
GHSA: GHSA-2pr6-76vf-7546
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
js-yaml	-	3.13.0

https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235
https://github.com/nodeca/js-yaml/issues/475
https://snyk.io/vuln/SNYK-JS-JSYAML-173999
https://www.npmjs.com/advisories/788
https://www.npmjs.com/advisories/788/versions

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo