js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in version 5.2.0.
References
Configurations
No configuration.
History
09 Jul 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv - |
08 Jul 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-08 16:16
Updated : 2026-07-09 15:16
NVD link : CVE-2026-59868
Mitre link : CVE-2026-59868
CVE.ORG link : CVE-2026-59868
JSON object : View
Products Affected
No product.
CWE
CWE-407
Inefficient Algorithmic Complexity
