PT-2013-5118 · Js Yaml · Js-Yaml

Neal Poole · Published 2013-06-28 · Updated 2025-12-02 · CVE-2013-4660

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

js-yaml versions 2.0.4 and earlier

Description

The issue allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation, due to the JS-YAML module parsing input without properly considering the unsafe !!js/function tag.

Recommendations

Update to version 2.0.5 or later, and ensure that all instances where the load() method is called are updated to use safeLoad() instead.
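A text-based audit for the two recommendations above, added here as an example and not taken from js-yaml or from this advisory: it checks a resolved version against 2.0.5 and lists load() calls that still need to move to safeLoad(). The function names and sample source are constructed, and it assumes a 2.x/3.x code base that imports the module with require('js-yaml').

```javascript
// Added example: audit helpers with hypothetical names; not js-yaml project code.
const FIRST_FIXED = [2, 0, 5]; // fixed release named in the advisory

// Parse an exact resolved version ("2.0.4" or "v2.0.4"), e.g. from a lockfile.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// true = 2.0.4 or earlier, false = 2.0.5 or later, null = not a plain version.
function isAffectedVersion(version) {
  const v = parseVersion(version);
  if (!v) return null; // tags or ranges need manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIRST_FIXED[i]) return v[i] < FIRST_FIXED[i];
  }
  return false; // exactly 2.0.5
}

// Report every <binding>.load( call, where <binding> was assigned from
// require('js-yaml'). safeLoad( and loadAll( do not match the pattern.
function findUnsafeLoadCalls(source) {
  const bindings = new Set();
  const importRe = /(?:const|let|var)\s+([A-Za-z_]\w*)\s*=\s*require\(\s*['"]js-yaml['"]\s*\)/g;
  let m;
  while ((m = importRe.exec(source)) !== null) bindings.add(m[1]);
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const name of bindings) {
      if (new RegExp('\\b' + name + '\\.load\\s*\\(').test(text)) {
        findings.push({ line: index + 1, text: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input: one call to migrate, one already migrated.
const SAMPLE_SOURCE = [
  "const yaml = require('js-yaml');",
  "const fs = require('fs');",
  "const cfg = yaml.load(fs.readFileSync('config.yml', 'utf8'));",
  "const user = yaml.safeLoad(requestBody);",
].join('\n');

console.log(isAffectedVersion('2.0.4'), findUnsafeLoadCalls(SAMPLE_SOURCE));
```

The scan is line-based, so it also reports a matching call inside a comment and misses imports that do not use a plain require('js-yaml') assignment.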

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2013-4660
GHSA-XXVW-45RP-3MJ2

Affected Products

Js-Yaml