CNNVD-202511-1593 Information

CNNVD ID

CNNVD-202511-1593

CVE-2025-64718

  • CNNVD Published: 2025-11-13

Description

JS-YAML is an open-source JavaScript YAML parser and dumper from Nodeca. JS-YAML 4.1.0 and earlier versions contain a security vulnerability: parsing a YAML document may modify the prototype, which can lead to prototype pollution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Nodeca

Published

2025-11-13

Last Modified

2026-02-24

References

  • https://github.com/advisories/GHSA-mh29-5h37-fv8m
  • https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876
  • https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266
  • https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879
  • https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m
  • https://www.oracle.com/security-alerts/cpujan2026.html
  • https://access.redhat.com/security/cve/cve-2025-64718

Patch

https://github.com/nodeca/js-yaml/tags
