2 matches found
CVE-2017-15871
The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that...
CVE-2017-15871
CVE-2017-15871 affects the deserialize function in serialize-to-js (versions ≤ 1.1.1). Input containing an Immediately Invoked Function Expression substring (e.g., function(){console.log(…)}) can cause a denial of service. The vendor acknowledges the DoS risk and states deserial...