[UD] Upgrade vulnerable versions of used libraries #23697

@olexii4

Is your enhancement related to a problem? Please describe

Prototype Pollution vulnerability in js-yaml, affecting versions prior to 4.1.1.

This vulnerability allows an attacker to exploit the YAML merge (<<) operator to pollute object prototypes, potentially leading to:

  • Denial of Service (DoS)
  • Remote Code Execution (RCE) in certain scenarios
  • Security bypass

CVE Reference: This fix addresses the prototype pollution issue in the YAML merge (<<) operator.

Describe the solution you'd like

Upgrade js-yaml from 4.1.0 to 4.1.1.

Labels

  • area/dashboard
  • kind/enhancement: A feature request - must adhere to the feature request template.
  • severity/P2: Has a minor but important impact to the usage or development of the system.

Status

✅ Done
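
A check for the upgrade requested in the issue above, as an added example that is not part of the original issue or the project's code: it walks an npm lockfile and reports every js-yaml copy, including nested transitive ones, below the 4.1.1 threshold the issue states. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag js-yaml installs older than the fixed release named in the issue.
const FIXED = "4.1.1"; // threshold taken from the issue text

// Parse "major.minor.patch" (ignoring pre-release/build suffixes) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b.
function isOlder(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable version: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and
// return every js-yaml copy, direct or nested, below the fixed version.
function findVulnerableJsYaml(lockfileText, fixed = FIXED) {
  const lock = JSON.parse(lockfileText);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/js-yaml"; match the last segment.
    const name = path.split("node_modules/").pop();
    if (name === "js-yaml" && isOlder(meta.version, fixed)) {
      findings.push({ path, version: meta.version });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from the project's repository).
const SAMPLE_LOCK = JSON.stringify({
  name: "sample-app", lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { "js-yaml": "^4.1.0" } },
    "node_modules/js-yaml": { version: "4.1.1" },
    "node_modules/some-tool/node_modules/js-yaml": { version: "4.1.0" },
    "node_modules/other-tool/node_modules/js-yaml": { version: "3.14.1" },
    "node_modules/js-yaml-loader": { version: "1.2.2" },
  },
});

console.log(findVulnerableJsYaml(SAMPLE_LOCK));
```

Nested copies matter here because bumping the direct dependency to 4.1.1 does not change a js-yaml version pinned underneath another package.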