VYPR

npm package

yar

pkg:npm/yar

Vulnerabilities (1)

  • CVE-2014-4179higSep 1, 2020
    affected < 2.2.0fixed 2.2.0

    Versions of `yar` prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encryped session cookie value is provided, the process will crash. ## Recommendation Update to version 2.2.0 or later.