Description
Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely.
Recommendation
Update the serialize-to-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.0.0
- Patched version(s): 2.0.0
References
Related Issues
- jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - CVE-2026-24001
- Denial of Service in rgb2hex - Vulnerability
- useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
- Regular Expression Denial of Service in millisecond - Vulnerability
You might also like:
- Tags:
- npm
- serialize-to-js
Anything's wrong? Let us know Last updated on January 09, 2023


