High severityGHSA Advisory· Published Sep 1, 2020· Updated Sep 23, 2021
Denial of Service in yar
CVE-2014-4179
Description
Versions of yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value.
When an invalid encryped session cookie value is provided, the process will crash.
Recommendation
Update to version 2.2.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yarnpm | < 2.2.0 | 2.2.0 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-gg6m-fhqv-hg56ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-4179ghsaADVISORY
- github.com/spumko/yar/issues/34ghsaWEB
- www.npmjs.com/advisories/44ghsaWEB
News mentions
0No linked articles in our index yet.