Description
Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that cause execution to loop indefinitely.
Recommendation
Update the serialize-to-js package to the latest compatible version. Version details:
- Affected version(s): < 2.0.0
- Patched version(s): 2.0.0
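To confirm whether a project resolves an affected version, the following added example (not part of the original advisory or of the serialize-to-js project) scans a parsed package-lock.json for serialize-to-js below 2.0.0, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
const AFFECTED_PACKAGE = 'serialize-to-js';
const PATCHED_MAJOR = 2; // first patched version is 2.0.0

// True when a version string such as "1.2.3" or "2.0.0-rc.1" is below 2.0.0.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparseable (git URL, link, tarball): flag for manual review
  const major = Number(m[1]);
  if (major < PATCHED_MAJOR) return true;
  // A pre-release of 2.0.0 sorts before 2.0.0 in semver ordering.
  return major === PATCHED_MAJOR && m[2] === '0' && m[3] === '0' && Boolean(m[4]);
}

// Returns [{ path, version }] for every affected install recorded in the lockfile.
function findAffected(lock) {
  const hits = new Map(); // install path -> version, de-duplicated across both layouts
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + AFFECTED_PACKAGE) && isAffected(info.version)) {
      hits.set(path, info.version);
    }
  }
  // lockfileVersion 1 (and the legacy mirror kept in v2): nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (name === AFFECTED_PACKAGE && isAffected(info.version)) hits.set(path, info.version);
      walk(info.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile (lockfileVersion 3 layout), not from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/serialize-to-js': { version: '2.0.0' },
    'node_modules/legacy-lib/node_modules/serialize-to-js': { version: '1.2.2' },
  },
};
console.log(findAffected(sampleLock));
```

For a real project, pass the result of `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAffected`.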
Tags: npm, serialize-to-js
Last updated on January 09, 2023