Version Details and Security Vulnerabilities

📦

js-yaml

3.4.6

Comparision Betweeen 3.4.6 and 3.4.5

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

js-yaml

3.4.6

Comparision Betweeen 3.4.6 and 3.4.5

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 3.4.6 of the package js-yaml.

All Security Vulnerabilities

All the vulnerabilities related to the version 3.4.6 of the package

Summary:

Denial of Service in js-yaml

Details:

Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Recommendation

Upgrade to version 3.13.0.

Details about js-yaml@3.4.6

Summary:

Code Injection in js-yaml

Details:

Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code through the load() function. The safeLoad() function is unaffected.

An example payload is { toString: !<tag:yaml.org,2002:js/function> 'function (){return Date.now()}' } : 1 which returns the object { "1553107949161": 1 }

Recommendation

Upgrade to version 3.13.1.

Details about js-yaml@3.4.6

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 3.4.6 of the package js-yaml.

All Security Vulnerabilities

All the vulnerabilities related to the version 3.4.6 of the package

Summary:

Denial of Service in js-yaml

Details:

Recommendation

Upgrade to version 3.13.0.

Details about js-yaml@3.4.6

Summary:

Code Injection in js-yaml

Details:

An example payload is { toString: !<tag:yaml.org,2002:js/function> 'function (){return Date.now()}' } : 1 which returns the object { "1553107949161": 1 }

Recommendation

Upgrade to version 3.13.1.

Details about js-yaml@3.4.6

Version Details and Security Vulnerabilities

js-yaml

Comparision Betweeen 3.4.6 and 3.4.5

Security Vulnerabilities

Version Details and Security Vulnerabilities

js-yaml

Comparision Betweeen 3.4.6 and 3.4.5

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Recommendation

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Recommendation

Recommendation

Version Details and Security Vulnerabilities

js-yaml

Comparision Betweeen 3.4.6 and 3.4.5

Security Vulnerabilities

Version Details and Security Vulnerabilities

js-yaml

Comparision Betweeen 3.4.6 and 3.4.5

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

js-yaml@3.4.6 GHSA-2pr6-76vf-7546 5.9

Recommendation

js-yaml@3.4.6 GHSA-8j8c-7jfh-h6hx N/A

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

js-yaml@3.4.6 GHSA-2pr6-76vf-7546 5.9

Recommendation

js-yaml@3.4.6 GHSA-8j8c-7jfh-h6hx N/A

Recommendation