js-yaml
Releases81
Frequency2 months 6 days
Last Release
YAML 1.2 parser and serializer
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| = *, = 0.2.2, = 2.0.0, = 1.0.1, = 0.3.2, = 0.3.3, = 2.0.2, = 0.2.0, = 0.3.0, = 0.3.1, = 1.0.0, = 1.0.2, = 2.0.3, = 0.2.1, = 1.0.3, = 2.0.1, = 0.3.4, = 0.3.5, = 0.3.6, = 0.3.7, <= 2.0.4 | — | 6.8 MEDIUM | ||
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation. | ||||