CVE-2019-16772

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

EUVD-2018-0297

Malware in sbrugna...

EUVD-2019-0772

Malware in sbrugna...

Denial Of Service (DoS)

serialize-to-js is vulnerable to denial of service DoS. The vulnerability exists as the unvalidated user input could cause an infinite loop in the deserialize function...

Denial of Service in serialize-to-js

Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely. Recommendation Upgrade to version 2.0.0 or later...

GHSA-W5Q7-3PR9-X44W Denial of Service in serialize-to-js

Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely. Recommendation Upgrade to version 2.0.0 or later...

@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acrylic/acrylic (>=0.1.0 <=0.1.2) +90 more potentially affected by unknown CVE via serialize-to-js (>=0.5.0 <=1.2.2)

serialize-to-js NPM version =0.5.0, =1.11.1, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.2.2, =3.2.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5Q7-3PR9-X44W...

Cross-Site Scripting

Overview Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 3.0.1 or later. References - GitHub advisory -...

serialize-to-js cross-site scripting vulnerability

serialize-to-js is a package that serializes objects to strings. A cross-site scripting vulnerability exists in serialize-to-js NPM versions prior to 3.0.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...

CVE-2019-16772

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

Cross site scripting

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVE-2019-16772 regular expressions Cross-Site Scripting (XSS) vulnerability in serialize-to-js

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVE-2019-16772

The CVE-2019-16772 entry concerns the npm package serialize-to-js, with versions before 3.0.1 vulnerable to XSS due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward slashes, but non-Node.js environmen...

GHSA-3FJQ-93XJ-3F3F Cross-Site Scripting in serialize-to-js

Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 3.0.1 or later...

Cross-Site Scripting in serialize-to-js

Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 3.0.1 or later...

@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acrylic/acrylic (>=0.1.0 <=0.1.2) +157 more potentially affected by CVE-2019-16772 via serialize-to-js (>=0.5.0 <=2.0.1)

serialize-to-js NPM version =0.5.0, =1.11.1, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.2.2, =3.2.4 and more Source cves: CVE-2019-16772 Source advisory: OSV:GHSA-3FJQ-93XJ-3F3F...

Denial of Service

Overview Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely. Recommendation Upgrade to version 2.0.0 or later. References GitHub Advisory...

Code Execution Through IIFE in serialize-to-js

Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept js var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...

astronomia (>=1.3.1 <=1.3.2) potentially affected by CVE-2017-5954 via serialize-to-js (=0.5.0)

serialize-to-js NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on serialize-to-js and may be impacted: - astronomia =1.3.1, =1.3.2 Source cves: CVE-2017-5954 Source advisory: OSV:GHSA-MM62-WXC8-CF7M...

GHSA-MM62-WXC8-CF7M Code Execution Through IIFE in serialize-to-js

Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept js var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...