Cross-Site Scripting in serialize-to-js

Severity:: Low

Description

Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.

Recommendation

Update the serialize-to-js package to the latest compatible version. Followings are version details:

Affected version(s): < 3.0.1
Patched version(s): 3.0.1

References

GHSA-3fjq-93xj-3f3f
www.npmjs.com
CVE-2019-16772
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Cross-Site Scripting in serialize-javascript - CVE-2019-16769
Cross-Site Scripting in min-http-server - CVE-2019-5457
DOM-based cross-site scripting in Froala Editor - CVE-2019-19935
Cross-site Scripting (XSS) in serialize-javascript - CVE-2024-11831

Tags:: npm; serialize-to-js

Anything's wrong? Let us know Last updated on November 06, 2023