Lucene search

K
prionPRIOn knowledge basePRION:CVE-2019-16769
HistoryDec 05, 2019 - 7:15 p.m.

Cross site scripting

2019-12-0519:15:00
PRIOn knowledge base
www.prio-n.com
4

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js’s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

CPENameOperatorVersion
serialize-javascriptlt2.1.1

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%