Description
Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.
Recommendation
Update the serialize-javascript package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.1.1
- Patched version(s): 2.1.1
References
Related Issues
- Cross-site Scripting (XSS) in serialize-javascript - CVE-2024-11831
- json-logic-js Command Injection vulnerability - CVE-2021-4329
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- Tags:
- npm
- serialize-javascript
Anything's wrong? Let us know Last updated on January 09, 2023