Cross-Site Scripting

2019-12-09T15:26:05
ID NODEJS:1426
Type nodejs
Reporter Ryuichi Okumura
Modified 2019-12-10T19:05:13

Description

Overview

Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.

Recommendation

Upgrade to version 2.1.1 or later.

References