CVE-2026-23956 seroval affected by Denial of Service via RegExp serialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...

EUVD-2026-3669

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp...

CVE-2026-23956 seroval affected by Denial of Service via RegExp serialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp...

CVE-2026-23956

CVE-2026-23956 concerns the seroval JavaScript value-stringification library. A flaw in RegExp serialization during deserialization allows memory exhaustion and, in some cases, Regular Expression Denial of Service (ReDoS). Affected versions are 1.4.0 and below; the issue is fixed in 1.4.1. Public...

PT-2026-3907

Name of the Vulnerable Software and Affected Versions Seroval versions 1.4.0 and below Description Seroval allows JavaScript value stringification, including complex structures beyond the capabilities of JSON.stringify. In versions 1.4.0 and below, serializing objects with significant depth can...

Seroval security vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contained security vulnerabilities, which stemmed from the potential to exceed the maximum call stack limit when serializing objects with a high serialization depth...

Azure Linux 3.0 Security Update: kernel (CVE-2024-47141)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47141 advisory. - In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengt...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the RegExp serialization process. An attacker can cause the exhaustion of JavaScript runtime memory or trigger catastrophic backtracking by...

GHSA-HX9M-JF43-8FFR seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS Regular Expression Denial of Service. Mitigation: Serova...

seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS Regular Expression Denial of Service. Mitigation: Serova...

Regular Expression Denial of Service (ReDoS)

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the RegExp serialization process. An attacker can cause the exhaustion of JavaScript runtime memory or trigger catastrophic backtracking by supplying...

PT-2026-3889

Name of the Vulnerable Software and Affected Versions seroval versions 1.4.0 and below Description seroval is a JavaScript library that facilitates value stringification, including complex structures. In versions 1.4.0 and below, overriding RegExp serialization with excessively large patterns can...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.261-2.6.22.2.0.1.el7.AXS7 (AXSA:2020-029:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-029:05 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.251-2.6.21.0.AXS4 (AXSA:2020-4483:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4483:01 advisory. OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS Security, 8229951 CVE-2020-2601 OpenJDK: Serialization filter changes via jdk.serialFilter...

MiracleLinux 8 : java-11-openjdk-11.0.14.0.9-2.el8 (AXSA:2022-3014:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3014:02 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF...

MiracleLinux 7 : java-11-openjdk-11.0.14.0.9-1.el7 (AXSA:2022-3015:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3015:03 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF...

MiracleLinux 8 : pki-core:10.6 (AXSA:2020-931:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-931:01 advisory. jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 jackson-databind: Serialization gadgets in...

MiracleLinux 7 : java-11-openjdk-11.0.6.10-1.el7 (AXSA:2020-4430:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4430:01 advisory. Security Fix - Oracle Java SESerialization CVE-2020-2583 - Oracle Java SESecurity Kerberos CVE-2020-2590 - Oracle Java SENetworking CVE-2020-2593 -...

MiracleLinux 8 : [security - moderate] pki-deps:10.6 security, bug fix, and enhancement updat (AXSA:2020-932:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-932:01 advisory. jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 jackson-databind: Serialization gadgets in...