Cross-Site Scripting in serialize-javascript

Description

Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.

Recommendation

Update the serialize-javascript package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.1.1
• Patched version(s): 2.1.1

References

• GHSA-h9rv-jmmf-4pgx
• www.npmjs.com
• CVE-2019-16769
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross-site Scripting (XSS) in serialize-javascript - CVE-2024-11831
• Cross-Site Scripting in serialize-to-js - CVE-2019-16772
• DOM-based cross-site scripting in Froala Editor - CVE-2019-19935
• Cross-site Scripting in pandao editor.md - CVE-2019-14517

Tags:

npm

serialize-javascript