This repository was archived by the owner on Nov 20, 2021. It is now read-only.
Commit c199c4e
committed
Update js-yaml to a non-vulnerable version
WS-2019-0032 Vulnerable versions: < 3.13.0 Patched version: 3.13.0 Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service. WS-2019-0063 Vulnerable versions: < 3.13.1 Patched version: 3.13.1 Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.1 parent 349ba01 commit c199c4e
1 file changed
+9
-9
lines changedSome generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments