10 matches found
CVE-2026-23737
A flaw was found in seroval, a JavaScript library designed to convert complex data into a string format. This vulnerability exists within the library's JSON deserialization process, which is responsible for converting string data back into usable objects. A remote attacker can exploit improper...
CVE-2026-23737
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
CVE-2026-23737
CVE-2026-23737 affects the seroval JavaScript library. The flaw resides in the JSON deserialization path, specifically the fromJSON and fromCrossJSON functions, where improper input handling can permit arbitrary JavaScript code execution. Exploitation is described as requiring multiple (four) req...
CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
GHSA-3RXJ-6CGF-8CFW seroval Affected by Remote Code Execution via JSON Deserialization
Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...
Deserialization of Untrusted Data
Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the fromJSON and fromCrossJSON functions during JSON deserialization. An attacker can execute arbitrary JavaScript code by crafting serialized data that exploits...
seroval Affected by Remote Code Execution via JSON Deserialization
Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...
PT-2026-3879
Name of the Vulnerable Software and Affected Versions seroval versions prior to 1.4.0 Description seroval is a JavaScript library that facilitates value stringification, including complex structures beyond the capabilities of JSON.stringify. Improper input handling in the JSON deserialization...