Description
Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression (IIFE).
Recommendation
Update the serialize-to-js package to the latest compatible version. Version details:
- Affected version(s): < 1.0.0
- Patched version(s): 1.0.0
References
- GHSA-mm62-wxc8-cf7m
- www.npmjs.com
- opsecx.com
- www.securityfocus.com
- CVE-2017-5954
- CWE-502
- CAPEC-310
- OWASP 2021-A6
- OWASP 2021-A8
Related Issues
- Arbitrary Code Execution in mathjs (GHSA-vx5c-87qx-cv6c) - CVE-2017-1001002
- ejs is vulnerable to remote code execution due to weak input validation - CVE-2017-1000228
- Arbitrary Code Execution in mathjs - CVE-2017-1001003
- Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution - CVE-2023-36475
Tags
- npm
- serialize-to-js
Last updated on November 29, 2023