Description
Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.
Recommendation
Update the serialize-to-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.0.1
- Patched version(s): 3.0.1
References
Related Issues
- Cross-Site Scripting in serialize-javascript - CVE-2019-16769
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component - CVE-2019-11003
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component (GHSA-7752-f4gf-94gc) - CVE-2019-11003
- Materialize-css vulnerable to Cross-site Scripting in tooltip component - CVE-2019-11002
- Tags:
- npm
- serialize-to-js
Anything's wrong? Let us know Last updated on November 06, 2023