CVE-2025-64718

MEDIUM

Important: Red Hat Security Advisory: Red Hat Ceph Storage

Details

CVSS v3: 5.3
NVD published: 2025-11-13 16:15:57
EPSS: <0.1% probability · 10.1th percentile — 2026-05-10
Affected versions: cpe:2.3:a:nodeca:js-yaml:*:*:*:*:*:node.js:*:* cpe:2.3:a:nodeca:js-yaml:*:*:*:*:*:node.js:*:*
Summary: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.