Cross-Site Scripting in serialize-to-js

Severity:: Low

Description

Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.

Recommendation

Update the serialize-to-js package to the latest compatible version. Followings are version details:

Affected version(s): < 3.0.1
Patched version(s): 3.0.1

References

GHSA-3fjq-93xj-3f3f
www.npmjs.com
CVE-2019-16772
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

tarteaucitron Cross-site Scripting (XSS) - CVE-2025-1467
Cross site scripting in markdown-to-jsx - CVE-2024-21535
uPlot Prototype Pollution vulnerability - CVE-2024-21489
FUXA local file inclusion vulnerability - CVE-2023-31718

Tags:: npm; serialize-to-js

Anything's wrong? Let us know Last updated on November 06, 2023