Intel

AIKIDO-2026-384204

js-yaml is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)GHSA-724g-mxrg-4qvm Published 2 days ago

53

Medium Risk

This Affects:

JSjs-yaml
5.0.0 - 5.2.0
Fixed in 5.2.1
Are you affected? Scan for Free

TL;DR

js-yaml 5.x introduces YAML11_SCHEMA support with the !!omap (ordered map) tag. The addItem handler for !!omap performs a linear scan of all previously inserted entries to detect duplicate keys on every insertion, producing O(n^2) parse time for a document with n omap entries. An attacker who supplies a small crafted YAML document to an application calling yaml.load() with { schema: YAML11_SCHEMA } can stall the Node.js event loop for many seconds, resulting in denial of service. The fix replaces the per-insertion linear scan with an O(1) Set-based duplicate check.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and you parse untrusted YAML using the YAML11_SCHEMA which enables the !!omap tag.

Background info

js-yaml is vulnerable to Denial of Service (DoS) in versions 5.0.0 - 5.2.0.

How to fix this

Upgrade the js-yaml library to the patch version.