
CX: Cxec49316b-56df in Unknown-js-yaml and 3.5.5 @ nodegoat_cxflow.master

Description

The package js-yaml before 3.13.0 is vulnerable to denial of service: the function storeMappingPair() in lib/js-yaml/loader.js does not limit the user-supplied YAML, so a map key can grow exponentially and produce a huge amount of output data, leading to denial of service through excessive memory usage. This affects availability.

HIGH Vulnerable Package issue exists @ js-yaml in branch master

Vulnerability ID: Cxec49316b-56df

Package Name: js-yaml

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2019-03-20T18:36:00

Current Package Version: 3.5.5

Remediation Upgrade Recommendation: 3.13.1
