CVE-2026-33532MEDIUMCVSS 4.3≥ 1.0.0, < 1.10.3·≥ 2.0.0, < 2.8.3+2 more2026-03-26
CVE-2026-33532 [MEDIUM] CWE-674 CVE-2026-33532: `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `ya
`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for pa
nvd