← Back

Serialize Javascript

serialize-javascript

Vendor: Verizon • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-7660
1Verizon
1Serialize Javascript
Nov 21, 2024
Jun 1, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
CVE-2019-16769
1Verizon
1Serialize Javascript
Nov 21, 2024
Dec 5, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not...Show more
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.Show less