CVE-2025-64718: js-yaml@4.1.0 vulnerability in Lambda Layer v131

## Description
The latest Node.js Lambda Layer (v131) contains a vulnerable version of `js-yaml` (4.1.0) which is affected by CVE-2025-64718.

## Vulnerability Details
- **CVE**: CVE-2025-64718
- **Package**: js-yaml
- **Current Version**: 4.1.0
- **Fixed In**: 4.1.1+
- **Location**: `/nodejs/node_modules/@datadog/wasm-js-rewriter/node_modules/js-yaml/`

## Current Configuration
- Node Layer Version: 131 (latest as of 2024-12-10)
- Extension Layer Version: 90

## Request
Please update the `@datadog/wasm-js-rewriter` dependency or its transitive dependency `js-yaml` to version 4.1.1 or later to remediate this vulnerability.

## References
- https://github.com/DataDog/datadog-lambda-js/releases/tag/v12.131.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2025-64718: [email protected] vulnerability in Lambda Layer v131 #698

Description

Vulnerability Details

Current Configuration

Request

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2025-64718: [email protected] vulnerability in Lambda Layer v131 #698

Description

Description

Vulnerability Details

Current Configuration

Request

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions