WS-2019-0032
Good to know:
Date: March 20, 2019
Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Language: JS
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
Top Fix
Upgrade Version
Upgrade to version js-yaml - 3.13.0
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |


