Cross-site Scripting (XSS) in serialize-javascript

Severity:: Medium

Description

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code.

Recommendation

Update the serialize-javascript package to the latest compatible version. Followings are version details:

Affected version(s): >= 6.0.0, < 6.0.2
Patched version(s): 6.0.2

References

GHSA-76p7-773f-r4q5
access.redhat.com
bugzilla.redhat.com
CVE-2024-11831
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Atro CSRF Middleware Bypass (security.checkOrigin) - CVE-2024-56140
Prototype Pollution in lodash (GHSA-p6mc-m468-83gw) - CVE-2020-8203
Better Call routing bug can lead to Cache Deception - Vulnerability
QMarkdown Cross-Site Scripting (XSS) vulnerability - CVE-2025-43954

Tags:: npm; serialize-javascript

Anything's wrong? Let us know Last updated on November 25, 2025