CVE-2019-16772
- EPSS 0.3%
- Published 07.12.2019 00:15:11
- Last modified 21.11.2024 04:31:09
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment sin...
CVE-2017-15871
- EPSS 0.28%
- Published 24.10.2017 20:29:00
- Last modified 20.04.2025 01:37:25
The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a ...
CVE-2017-5954
- EPSS 1.67%
- Published 10.02.2017 07:59:00
- Last modified 20.04.2025 01:37:25
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function E...