Js-yaml, a YAML 1.2 parser and serializer, saw a modest update moving from version 3.2.6 to 3.2.7. While the core description remains the same, key differences lie in the dependency versions. Version 3.2.7 upgrades its dependencies, requiring "argparse" version "~1.0.0" and "esprima" version "~2.0.0". In contrast, version 3.2.6 depended on older versions, specifically "argparse" version "~0.1.11" and "esprima" version "~1.0.2". This shift implies potential improvements in argument parsing and JavaScript syntax analysis capabilities within js-yaml, possibly addressing bugs, enhancing performance, or incorporating new features offered by the updated dependencies.
For developers, this means that upgrading to js-yaml version 3.2.7 might bring stability improvements and access to newer language features handled by Esprima. However, careful consideration should be given to potential breaking changes introduced by the updated dependencies. Developers should review the release notes for Argparse 1.0.0 and Esprima 2.0.0 to ensure compatibility with their existing codebases. Both versions maintain the same MIT license and are available via the provided git repository. The update was released on February 19, 2015, roughly 12 days after the previous version.
All vulnerabilities affecting version 3.2.7 of the package
Denial of Service in js-yaml
Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully crafted YAML file, the node process stalls and may exhaust system resources, leading to a Denial of Service.
Upgrade to version 3.13.0.
Code Injection in js-yaml
Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code through the load() function. The safeLoad() function is unaffected.
An example payload is
    { toString: !<tag:yaml.org,2002:js/function> 'function (){return Date.now()}' } : 1
which returns the object
    {
      "1553107949161": 1
    }
Upgrade to version 3.13.1.
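As an added defensive example (not js-yaml's own code, nor part of the advisory), the following Node.js snippet screens untrusted YAML for the js/* tags that the payload above relies on before the document reaches any parser; the loader parameter is an assumption standing in for a safe loader such as safeLoad().

```javascript
// Added example (not js-yaml's own code): pre-screen untrusted YAML text for the
// JavaScript-specific tags that js-yaml's load() (before 3.13.1) resolves into
// real functions. It reports both the verbatim form used in the advisory payload,
// !<tag:yaml.org,2002:js/function>, and the shorthand form !!js/function.
// The screen is deliberately conservative: a tag inside a comment or a quoted
// string is reported too, since a false positive only costs a manual review.

const JS_TAG_FORMS = [
  // verbatim tag: !<tag:yaml.org,2002:js/function> (any js/* type)
  { form: 'verbatim', re: /!<tag:yaml\.org,2002:js\/([A-Za-z]+)>/g },
  // shorthand with the default "!!" handle: !!js/function, !!js/regexp, ...
  { form: 'shorthand', re: /!!js\/([A-Za-z]+)/g },
];

// Returns one record per offending tag: { line, type, form }, 1-based lines.
function findJsTags(yamlText) {
  const hits = [];
  yamlText.split(/\r?\n/).forEach((lineText, idx) => {
    for (const { form, re } of JS_TAG_FORMS) {
      re.lastIndex = 0; // global regex: reset between lines
      let m;
      while ((m = re.exec(lineText)) !== null) {
        hits.push({ line: idx + 1, type: m[1], form });
      }
    }
  });
  return hits;
}

// Gate: refuse to hand the document to any loader while js/* tags are present.
// `loader` is a hypothetical parameter standing for a safe loader such as
// js-yaml's safeLoad (string -> parsed value); this wrapper never calls load().
function parseUntrustedYaml(yamlText, loader) {
  const hits = findJsTags(yamlText);
  if (hits.length > 0) {
    const where = hits.map(h => `${h.form} js/${h.type} at line ${h.line}`).join(', ');
    throw new Error(`refusing YAML with JavaScript tags: ${where}`);
  }
  return loader(yamlText);
}

// Constructed sample documents: the advisory payload, its shorthand equivalent,
// and a benign document that must pass.
const ADVISORY_PAYLOAD =
  "{ toString: !<tag:yaml.org,2002:js/function> 'function (){return Date.now()}' } : 1";
const SHORTHAND_PAYLOAD = "key: !!js/function 'function () { return 1; }'\nother: 2";
const BENIGN_DOC = "name: demo\nversion: 3.13.1\ntags:\n  - a\n  - b";

console.log(findJsTags(ADVISORY_PAYLOAD)); // [{ line: 1, type: 'function', form: 'verbatim' }]
```

The screen is a pre-parse gate only; the real fix remains upgrading to 3.13.1 and parsing untrusted input with safeLoad().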