Description
Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, so an attacker can supply input that causes execution to loop indefinitely.
Recommendation
Update the serialize-to-js package to the latest compatible version. Version details:
- Affected version(s): < 2.0.0
- Patched version(s): 2.0.0
References
Related Issues
- Denial of Service in ws - Vulnerability
- Regular Expression Denial of Service in markdown - Vulnerability
- Regular Expression Denial of Service in millisecond - Vulnerability
- useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
Tags
- npm
- serialize-to-js
Last updated on January 09, 2023