
High Severity: Prototype Pollution in JSON5 via Parse Method

Open kmturley opened this issue 2 years ago • 0 comments

Your package is vulnerable. Could you apply a fix?

$ npm audit

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h

node_modules/json5
  loader-utils  <=1.4.2
  Depends on vulnerable versions of json5
  node_modules/loader-utils
    js-yaml-loader  >=1.0.0
    Depends on vulnerable versions of loader-utils
    node_modules/js-yaml-loader

Upgrading https://www.npmjs.com/package/loader-utils should fix the issue:

npm install loader-utils@latest

kmturley, Dec 30 '22 05:12
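To confirm whether an upgrade actually removed the flagged json5 copy, the lockfile can be checked directly. The following is an added example, not code from the issue or from js-yaml-loader: it assumes a package-lock.json with a `packages` map (lockfileVersion 2 or 3), uses the `json5 <2.2.2` range exactly as printed in the audit output above, and its function names and sample versions are constructed for illustration.

```javascript
// Added example: scan a package-lock.json (lockfileVersion 2 or 3) for json5
// installs in the range reported by the npm audit output, with dependents.
const VULN_BELOW = [2, 2, 2]; // "json5 <2.2.2" as printed by npm audit above

// Simplified x.y.z comparison; prerelease tags are ignored (assumption).
function isBelow(version, limit) {
  const parts = version.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((parts[i] || 0) !== limit[i]) return (parts[i] || 0) < limit[i];
  }
  return false;
}

// Node resolution: nearest node_modules/<name> walking up from fromPath.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

function findVulnerableJson5(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.endsWith("node_modules/json5") || !isBelow(meta.version, VULN_BELOW)) continue;
    const dependents = Object.keys(packages).filter((p) => {
      const deps = { ...packages[p].dependencies, ...packages[p].optionalDependencies };
      return "json5" in deps && resolveDep(packages, p, "json5") === path;
    });
    findings.push({ path, version: meta.version, dependents });
  }
  return findings;
}

// Constructed sample lockfile (versions are illustrative, not from the issue).
const sampleLock = { packages: {
  "": { dependencies: { "js-yaml-loader": "^1.0.0", json5: "^2.2.2" } },
  "node_modules/json5": { version: "2.2.2" },
  "node_modules/js-yaml-loader": { version: "1.0.0", dependencies: { "loader-utils": "^1.0.0" } },
  "node_modules/loader-utils": { version: "1.4.0", dependencies: { json5: "^1.0.1" } },
  "node_modules/loader-utils/node_modules/json5": { version: "1.0.1" },
} };
console.log(JSON.stringify(findVulnerableJson5(sampleLock), null, 2));
```

On a real project, pass the parsed contents of package-lock.json to `findVulnerableJson5`; an empty result means no json5 install in the flagged range remains, including nested copies under another package's node_modules.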