Lucene search

85 matches found

RedHat Linux
added 2020/07/01 6:46 p.m. · 8 views

npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions

A XSS flaw was found in npm-serialize-javascript. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString backslash-escapes all forward slashes ...

CVSS 5.4 · AI score 5.7 · EPSS 0.00406
Exploits 0 · References 4
Tenable Nessus
added 2020/07/01 12:0 a.m. · 72 views

RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2796 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.2 · AI score 7 · EPSS 0.93094
Exploits 8 · References 18
RedhatCVE
added 2020/06/17 4:56 p.m. · 15 views

CVE-2019-16769

A XSS flaw was found in npm-serialize-javascript. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString backslash-escapes all forward slashes ...

CVSS 3.5 · AI score 4.7 · EPSS 0.00406
Exploits 0 · References 3
RedhatCVE
added 2020/06/04 8:21 p.m. · 23 views

CVE-2020-7660

A flaw was found in the serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js."...

CVSS 8.1 · AI score 6.4 · EPSS 0.02901
Exploits 0 · References 3
Veracode
added 2020/06/02 1:30 a.m. · 23 views

Remote Code Execution (RCE)

serialize-javascript is vulnerable to remote code execution RCE. The attack exists because the deleteFunctions within index.js does not sanitize the objects foo and bar and generates the value of internal UID using Math.random function with insufficient entropy, allowing an attacker to brute forc...

CVSS 8.1 · AI score 4.4 · EPSS 0.02901
Exploits 0 · References 1 · Affected Software 2
CNVD
added 2020/06/02 12:0 a.m. · 2 views

serialize-javascript code issue vulnerability

Verizon serialize-javascript is a package from Verizon that supports serializing JavaScript to JSON supersets. A code issue vulnerability exists in serialize-javascript versions prior to 3.1.0. A remote attacker can use the 'deleteFunctions' function in the index.js file to inject arbitrary code...

CVSS 8.1 · AI score 9.6 · EPSS 0.02901
Exploits 0 · References 1
NVD
added 2020/06/01 3:15 p.m. · 10 views

CVE-2020-7660

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

CVSS 8.1 · AI score 8.2 · EPSS 0.02901
Exploits 0 · References 1
Prion
added 2020/06/01 3:15 p.m. · 13 views

Code injection

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

CVSS 6.8 · AI score 8.1 · EPSS 0.02901
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/06/01 2:50 p.m. · 16 views

CVE-2020-7660

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...

AI score 8.1 · EPSS 0.02901
Exploits 0 · References 1
CVE
added 2020/06/01 2:50 p.m. · 161 views

CVE-2020-7660

CVE-2020-7660 affects the serialize-javascript package prior to 3.1.0, where the function named deleteFunctions in index.js can be abused by a remote attacker to inject arbitrary code. The vulnerability enables remote code execution with network access and no authentication, with potential for hi...

CVSS 8.1 · AI score 8 · EPSS 0.02901
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2020/06/01 12:0 a.m. · 3 views

PT-2020-6072 · Npm · Serialize-Javascript

Name of the Vulnerable Software and Affected Versions: serialize-javascript versions prior to 3.1.0 Description: The issue is related to errors in code generation management in the deleteFunctions function of the serialize-javascript library. Exploitation of this issue may allow a remote attacker...

CVSS 8.1 · AI score 9.8 · EPSS 0.02901
Exploits 0 · References 9
vulnersOsv
added 2020/05/19 9:0 p.m. · 5 views

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...

CVSS 8.1 · AI score 7.2 · EPSS 0.02901
Exploits 0
Snyk
added 2020/05/19 9:0 p.m. · 2 views

Arbitrary Code Injection

Overview serialize-javascript is a package to serialize JavaScript to a superset of JSON that includes regular expressions and functions. Affected versions of this package are vulnerable to Arbitrary Code Injection. An object like "foo": /1"/, "bar": "a"@R--0@" would be serialized as "foo": /1"/,...

CVSS 8.1 · AI score 7.2 · EPSS 0.02901
Exploits 0 · References 3
CNVD
added 2019/12/10 12:0 a.m. · 1 views

serialize-javascript cross-site scripting vulnerability

serialize-javascript is a package that supports serializing JavaScript to JSON supersets. A cross-site scripting vulnerability exists in serialize-javascript versions prior to 2.1.1. The vulnerability stems from a web application that lacks proper validation of client-side data. An attacker can...

CVSS 5.4 · AI score 6.3 · EPSS 0.00406
Exploits 0 · References 1
Node.js
added 2019/12/09 3:26 p.m. · 28 views

Cross-Site Scripting

Overview Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 2.1.1 or later. References - GitHub advisor...

CVSS 3.5 · AI score 4.1 · EPSS 0.00406
Exploits 0 · Affected Software 1
Veracode
added 2019/12/06 3:26 a.m. · 26 views

Cross-Site Scripting (XSS)

serialize-javascript is vulnerable to cross-site scripting XSS. Unsafe characters are not properly validated and sanitized in serialized regular expressions, allowing an attacker to inject and execute arbitrary Javascript into a victim's browser. This vulnerability is not affected on Node.js...

CVSS 5.4 · AI score 5.4 · EPSS 0.00406
Exploits 0 · References 1 · Affected Software 2
NVD
added 2019/12/05 7:15 p.m. · 16 views

CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVSS 5.4 · AI score 5.1 · EPSS 0.00406
Exploits 0 · References 1
OSV
added 2019/12/05 7:15 p.m. · 19 views

CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVSS 5.4 · AI score 5.4
Exploits 0 · References 1
Prion
added 2019/12/05 7:15 p.m. · 16 views

Cross site scripting

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVSS 3.5 · AI score 5.5 · EPSS 0.00406
Exploits 0 · References 1 · Affected Software 1
CVE
added 2019/12/05 6:55 p.m. · 128 views

CVE-2019-16769

The CVE-2019-16769 issue affects the npm package serialize-javascript prior to version 2.1.1, which is vulnerable to Cross-site Scripting (XSS) due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward sla...

CVSS 5.4 · AI score 4.9 · EPSS 0.00406
Exploits 0 · References 1 · Affected Software 1