The vulnerability stems from the error pretty-printing logic in `prettifyError`. The commit diff shows a critical fix in the calculation of the `count` variable, where `Math.max(1, ...)` was added to prevent zero or negative values. This corresponds directly to CWE-248 (Uncaught Exception): invalid input (e.g., repeated CR characters) could trigger an unhandled `RangeError` in `'^'.repeat(count)`. The added test case explicitly validates this edge case, confirming the function's role in the vulnerability.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| yaml | npm | >= 2.0.0-5, < 2.2.2 | 2.2.2 |
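
The failure mode described in the analysis above, as an added JavaScript sketch that is not the yaml package's source. The function names, the `{ col }` position shape and the sample positions are assumptions constructed for illustration; only `Math.max(1, ...)` and `'^'.repeat(count)` come from the page.

```javascript
// Simplified model of a caret-underline renderer for parse errors.
// Hypothetical code for illustration, not taken from the yaml package.

// Before: the underline width is passed to repeat() unchecked.
function pointerUnsafe(start, end) {
  const count = end.col - start.col; // can be 0 or negative
  return ' '.repeat(start.col - 1) + '^'.repeat(count); // RangeError if count < 0
}

// After: clamp the width, mirroring the Math.max(1, ...) fix the page describes.
function pointerSafe(start, end) {
  const count = Math.max(1, end.col - start.col);
  const indent = Math.max(0, start.col - 1); // same guard for the indent
  return ' '.repeat(indent) + '^'.repeat(count);
}

// Run a renderer and report whether it survived the given position pair.
function tryRender(render, start, end) {
  try {
    return { ok: true, pointer: render(start, end) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed positions (1-based columns), not captured from a real parser run.
const cases = [
  { name: 'normal span', start: { col: 3 }, end: { col: 7 } },
  { name: 'empty span', start: { col: 5 }, end: { col: 5 } },
  { name: 'inverted span', start: { col: 5 }, end: { col: 2 } },
];

for (const c of cases) {
  const before = tryRender(pointerUnsafe, c.start, c.end);
  const after = tryRender(pointerSafe, c.start, c.end);
  console.log(c.name, JSON.stringify(before), JSON.stringify(after));
}
```

Code that formats errors for untrusted input sits on the failure path itself, so an exception thrown there escapes whatever handling the caller wrapped around the parse result.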