Vulnerability	Vulnerable Version
H Arbitrary Code Execution js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Arbitrary Code Execution. When an object with an executable `toString()` property used as a map key, it will execute that function. This happens only for `load()`, which should not be used with untrusted data anyway. `safeLoad()` is not affected because it can't parse functions. How to fix Arbitrary Code Execution? Upgrade `js-yaml` to version 3.13.1 or higher.	<3.13.1
M Denial of Service (DoS) js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Denial of Service (DoS). The parsing of a specially crafted YAML file may exhaust the system resources. How to fix Denial of Service (DoS)? Upgrade `js-yaml` to version 3.13.0 or higher.	>=3.0.0 <3.13.0

Arbitrary Code Execution

js-yaml is a human-friendly data serialization language.

Affected versions of this package are vulnerable to Arbitrary Code Execution. When an object with an executable toString() property used as a map key, it will execute that function. This happens only for load(), which should not be used with untrusted data anyway. safeLoad() is not affected because it can't parse functions.

How to fix Arbitrary Code Execution?

Upgrade js-yaml to version 3.13.1 or higher.

<3.13.1

Denial of Service (DoS)

js-yaml is a human-friendly data serialization language.

Affected versions of this package are vulnerable to Denial of Service (DoS). The parsing of a specially crafted YAML file may exhaust the system resources.

How to fix Denial of Service (DoS)?

Upgrade js-yaml to version 3.13.0 or higher.

>=3.0.0 <3.13.0

Go back to all versions of this package