Advisories for Npm/Js-Yaml package

2019

Denial of Service in js-yaml

Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service. Recommendation Upgrade to version 3.13.0.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in js-yaml.

2013

Deserialization Code Execution

JS-YAM contains a code execution vulnerability.