Lucene search

90 matches found

IBM Security Bulletins
added 2020/12/14 6:38 p.m. · 19 views

Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service.

Summary A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details Third Party Entry: 186585 DESCRIPTION: Node.js serialize-javascript module code execution CVSS Base score: 9.8 CVSS Temporal Score: See:...

1 AI score
Exploits 0 · Affected Software 1

vulnersOsv
added 2020/08/11 5:21 p.m. · 6 views

0x0.icu.anima (=0.1.0), 1.1.0 (=1.0.0) +15467 more potentially affected by CVE-2020-7660 via serialize-javascript (>=1.0.0 <=3.0.0)

serialize-javascript NPM version =1.0.0, =6.2.0, =0.1.0, =0.0.1, =2.0.0, =0.1.0, =1.0.1, =0.1.0, =0.24.0, =0.29.0 and more Source cves: CVE-2020-7660 Source advisory: OSV:GHSA-HXCC-F52P-WC94...

8.1 CVSS · 7.7 AI score · 0.03009 EPSS
Exploits 0

OSV
added 2020/08/11 5:21 p.m. · 47 views

GHSA-HXCC-F52P-WC94 Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

8.1 CVSS · 8 AI score · 0.03009 EPSS
Exploits 0 · References 3

Github Security Blog
added 2020/08/11 5:21 p.m. · 349 views

Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

8.1 CVSS · 4.3 AI score · 0.03009 EPSS
Exploits 0 · References 3 · Affected Software 1

RedHat Linux
added 2020/07/01 6:46 p.m. · 19 views

npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions

A XSS flaw was found in npm-serialize-javascript. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString backslash-escapes all forward slashes ...

5.4 CVSS · 5.7 AI score · 0.00977 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/07/01 6:46 p.m. · 30 views

npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js

A flaw was found in the serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js."...

8.1 CVSS · 6 AI score · 0.03009 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2020/07/01 12:0 a.m. · 74 views

RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2796 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

8.2 CVSS · 7 AI score · 0.99856 EPSS
Exploits 8 · References 18

RedhatCVE
added 2020/06/17 4:56 p.m. · 16 views

CVE-2019-16769

A XSS flaw was found in npm-serialize-javascript. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString backslash-escapes all forward slashes ...

3.5 CVSS · 4.7 AI score · 0.00977 EPSS
Exploits 0 · References 3

RedhatCVE
added 2020/06/04 8:21 p.m. · 27 views

CVE-2020-7660

A flaw was found in the serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js."...

8.1 CVSS · 6.4 AI score · 0.03009 EPSS
Exploits 0 · References 3

Veracode
added 2020/06/02 1:30 a.m. · 25 views

Remote Code Execution (RCE)

serialize-javascript is vulnerable to remote code execution RCE. The attack exists because the deleteFunctions within index.js does not sanitize the objects foo and bar and generates the value of internal UID using Math.random function with insufficient entropy, allowing an attacker to brute forc...

8.1 CVSS · 4.4 AI score · 0.03009 EPSS
Exploits 0 · References 1 · Affected Software 2

CNVD
added 2020/06/02 12:0 a.m. · 4 views

serialize-javascript code issue vulnerability

Verizon serialize-javascript is a package from Verizon that supports serializing JavaScript to JSON supersets. A code issue vulnerability exists in serialize-javascript versions prior to 3.1.0. A remote attacker can use the 'deleteFunctions' function in the index.js file to inject arbitrary code...

8.1 CVSS · 9.6 AI score · 0.03009 EPSS
Exploits 0 · References 1

NVD
added 2020/06/01 3:15 p.m. · 14 views

CVE-2020-7660

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

8.1 CVSS · 8.2 AI score · 0.03009 EPSS
Exploits 0 · References 1

Prion
added 2020/06/01 3:15 p.m. · 14 views

Code injection

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

6.8 CVSS · 8.1 AI score · 0.03009 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2020/06/01 2:50 p.m. · 168 views

CVE-2020-7660

CVE-2020-7660 affects the serialize-javascript package prior to 3.1.0, where the function named deleteFunctions in index.js can be abused by a remote attacker to inject arbitrary code. The vulnerability enables remote code execution with network access and no authentication, with potential for hi...

8.1 CVSS · 8 AI score · 0.03009 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/06/01 2:50 p.m. · 20 views

CVE-2020-7660

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

8.1 AI score · 0.03009 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/06/01 12:0 a.m. · 4 views

PT-2020-6072 · Npm · Serialize-Javascript

Name of the Vulnerable Software and Affected Versions: serialize-javascript versions prior to 3.1.0 Description: The issue is related to errors in code generation management in the deleteFunctions function of the serialize-javascript library. Exploitation of this issue may allow a remote attacker...

8.1 CVSS · 9.8 AI score · 0.03009 EPSS
Exploits 0 · References 9

Snyk
added 2020/05/19 9:0 p.m. · 2 views

Arbitrary Code Injection

Overview serialize-javascript is a package to serialize JavaScript to a superset of JSON that includes regular expressions and functions. Affected versions of this package are vulnerable to Arbitrary Code Injection. An object like "foo": /1"/, "bar": "a"@R--0@" would be serialized as "foo": /1"/,...

8.1 CVSS · 7.2 AI score · 0.03009 EPSS
Exploits 0 · References 3

vulnersOsv
added 2020/05/19 9:0 p.m. · 12 views

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...

8.1 CVSS · 7.7 AI score · 0.03009 EPSS
Exploits 0

CNVD
added 2019/12/10 12:0 a.m. · 3 views

serialize-javascript cross-site scripting vulnerability

serialize-javascript is a package that supports serializing JavaScript to JSON supersets. A cross-site scripting vulnerability exists in serialize-javascript versions prior to 2.1.1. The vulnerability stems from a web application that lacks proper validation of client-side data. An attacker can...

5.4 CVSS · 6.3 AI score · 0.00977 EPSS
Exploits 0 · References 1

Node.js
added 2019/12/09 3:26 p.m. · 35 views

Cross-Site Scripting

Overview Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 2.1.1 or later. References - GitHub advisor...

3.5 CVSS · 4.1 AI score · 0.00977 EPSS
Exploits 0 · Affected Software 1