Description
Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression (IIFE).
Recommendation
Update the serialize-to-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.0
- Patched version(s): 1.0.0
References
- GHSA-mm62-wxc8-cf7m
- www.npmjs.com
- opsecx.com
- www.securityfocus.com
- CVE-2017-5954
- CWE-502
- CAPEC-310
- OWASP 2021-A6
- OWASP 2021-A8
Related Issues
- counterpart vulnerable to prototype pollution - CVE-2025-57354
- Parse Server has an OAuth login vulnerability - CVE-2025-30168
- Use of Insufficiently Random Values in undici - CVE-2025-22150
- SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
- Tags:
- npm
- serialize-to-js
Anything's wrong? Let us know Last updated on November 29, 2023