js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in versions 3.15.0 and 4.3.0.
References
Configurations
No configuration.
History
09 Jul 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/nodeca/js-yaml/security/advisories/GHSA-52cp-r559-cp3m - |
08 Jul 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-08 16:16
Updated : 2026-07-09 16:16
NVD link : CVE-2026-59869
Mitre link : CVE-2026-59869
CVE.ORG link : CVE-2026-59869
JSON object : View
Products Affected
No product.
CWE
CWE-407
Inefficient Algorithmic Complexity
