Description
Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, so an attacker can supply input that causes execution to loop indefinitely.
Recommendation
Update the serialize-to-js package to the latest compatible version. Version details:
- Affected version(s): < 2.0.0
- Patched version(s): 2.0.0
References
Related Issues
- Regular Expression Denial of Service in markdown - Vulnerability
- Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - CVE-2026-34043
- prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
- ua-parser-js Regular Expression Denial of Service vulnerability - CVE-2020-7793
Tags: npm, serialize-to-js
Last updated on January 09, 2023


