CVE-2020-7660
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...
PT-2020-6072 · Npm · Serialize-Javascript
Name of the Vulnerable Software and Affected Versions: serialize-javascript versions prior to 3.1.0. Description: The issue is related to errors in code generation management in the deleteFunctions function of the serialize-javascript library. Exploitation of this issue may allow a remote attacker...
@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)
serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...
Arbitrary Code Injection
Overview: serialize-javascript is a package to serialize JavaScript to a superset of JSON that includes regular expressions and functions. Affected versions of this package are vulnerable to Arbitrary Code Injection. An object like "foo": /1"/, "bar": "a"@R--0@" would be serialized as "foo": /1"/,...
Cross-Site Scripting
Overview: Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 3.0.1 or later. References: GitHub advisory -...
serialize-javascript cross-site scripting vulnerability
serialize-javascript is a package that supports serializing JavaScript to JSON supersets. A cross-site scripting vulnerability exists in serialize-javascript versions prior to 2.1.1. The vulnerability stems from a web application that lacks proper validation of client-side data. An attacker can...
Cross-Site Scripting
Overview: Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 2.1.1 or later. References: GitHub advisor...
serialize-to-js cross-site scripting vulnerability
serialize-to-js is a package that serializes objects to strings. A cross-site scripting vulnerability exists in serialize-to-js NPM versions prior to 3.0.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
CVE-2019-16772
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability since Node.js's implementation of...
Cross site scripting
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability since Node.js's implementation of...
CVE-2019-16772
The CVE-2019-16772 entry concerns the npm package serialize-to-js, with versions before 3.0.1 vulnerable to XSS due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward slashes, but non-Node.js environmen...
CVE-2019-16772 regular expressions Cross-Site Scripting (XSS) vulnerability in serialize-to-js
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability since Node.js's implementation of...
@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acrylic/acrylic (>=0.1.0 <=0.1.2) +157 more potentially affected by CVE-2019-16772 via serialize-to-js (>=0.5.0 <=2.0.1)
serialize-to-js NPM version =0.5.0, =1.11.1, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.2.2, =3.2.4 and more Source cves: CVE-2019-16772 Source advisory: OSV:GHSA-3FJQ-93XJ-3F3F...
Cross-Site Scripting in serialize-to-js
Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 3.0.1 or later...
GHSA-3FJQ-93XJ-3F3F Cross-Site Scripting in serialize-to-js
Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 3.0.1 or later...
Cross-Site Scripting (XSS)
serialize-javascript is vulnerable to cross-site scripting (XSS). Unsafe characters are not properly validated and sanitized in serialized regular expressions, allowing an attacker to inject and execute arbitrary JavaScript into a victim's browser. This vulnerability is not affected on Node.js...
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability since Node.js's implementation of...
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability since Node.js's implementation of...
Cross site scripting
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability since Node.js's implementation of...
CVE-2019-16769
The CVE-2019-16769 issue affects the npm package serialize-javascript prior to version 2.1.1, which is vulnerable to Cross-site Scripting (XSS) due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward sla...