JavaScript YAML Parser Vulnerability in js-yaml Affects Multiple Versions
CVE-2026-59870
5.3MEDIUM
What is CVE-2026-59870?
The js-yaml library, a commonly used JavaScript YAML parser and dumper, contains a performance issue due to improper handling of the !!omap tag. When parsing crafted ordered-map documents in versions prior to 5.2.1, the library incurs significant CPU overhead (O(n^2) complexity) during insertion of items, leading to potential denial of service conditions. This vulnerability is addressed in version 5.2.1, which optimizes the parsing process to mitigate excessive resource consumption.
Affected Version(s)
js-yaml >= 5.0.0, < 5.2.1
