5.4
CVE-2024-11831
- EPSS 0.6%
- Published 10.02.2025 16:15:37
- Last modified 04.06.2025 23:15:20
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/yahoo/serialize-javascript
≫
Package
serialize-javascript
Version <
6.0.2
Version
6.0
Status
affected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4.4
Default Statusaffected
Version <
*
Version
4.4.8-2
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4.5
Default Statusaffected
Version <
*
Version
4.5.6-2
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:8.0.112-1.el9_5
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.14-RHEL-9
Default Statusaffected
Version <
*
Version
v4.14.18-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.14-RHEL-9
Default Statusaffected
Version <
*
Version
v4.14.18-3
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.14-RHEL-9
Default Statusaffected
Version <
*
Version
v4.14.18-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.15-RHEL-9
Default Statusaffected
Version <
*
Version
v4.15.14-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.15-RHEL-9
Default Statusaffected
Version <
*
Version
v4.15.14-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.15-RHEL-9
Default Statusaffected
Version <
*
Version
v4.15.14-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.16-RHEL-9
Default Statusaffected
Version <
*
Version
v4.16.10-4
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.16-RHEL-9
Default Statusaffected
Version <
*
Version
v4.16.10-4
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.16-RHEL-9
Default Statusaffected
Version <
*
Version
v4.16.10-3
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.17-RHEL-9
Default Statusaffected
Version <
*
Version
v4.17.7-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.17-RHEL-9
Default Statusaffected
Version <
*
Version
v4.17.7-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.17-RHEL-9
Default Statusaffected
Version <
*
Version
v4.17.7-2
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.18-RHEL-9
Default Statusaffected
Version <
*
Version
v4.18.2-8
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.18-RHEL-9
Default Statusaffected
Version <
*
Version
v4.18.2-7
Status
unaffected
VendorRed Hat
≫
Product
RHODF-4.18-RHEL-9
Default Statusaffected
Version <
*
Version
v4.18.2-8
Status
unaffected
VendorRed Hat
≫
Product
Cryostat 3
Default Statusaffected
VendorRed Hat
≫
Product
Logging Subsystem for Red Hat OpenShift
Default Statusaffected
VendorRed Hat
≫
Product
Migration Toolkit for Virtualization
Default Statusunaffected
VendorRed Hat
≫
Product
.NET 6.0 on Red Hat Enterprise Linux
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Lightspeed
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Pipelines
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Pipelines
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Pipelines
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Pipelines
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Serverless
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Service Mesh 2
Default Statusaffected
VendorRed Hat
≫
Product
OpenShift Service Mesh 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat 3scale API Management Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Management for Kubernetes 2
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Advanced Cluster Security 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Ansible Automation Platform 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat build of Apache Camel - HawtIO 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat build of Apicurio Registry 2
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat build of OptaPlanner 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Ceph Storage 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Data Grid 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Developer Hub
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Discovery 1
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 10
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Fuse 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Integration Camel K 1
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 7
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift AI (RHOAI)
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Container Platform 3.11
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Container Platform 4
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Dev Spaces
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Dev Spaces
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Dev Spaces
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat OpenShift distributed tracing 3
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Process Automation 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Quay 3
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Satellite 6
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Satellite 6
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Single Sign-On 7
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Trusted Profile Analyzer
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.684 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.