Low severityNVD Advisory· Published Dec 6, 2019· Updated Aug 5, 2024
regular expressions Cross-Site Scripting (XSS) vulnerability in serialize-to-js
CVE-2019-16772
Description
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
serialize-to-jsnpm | < 3.0.1 | 3.0.1 |
Affected products
2- Range: < 3.0.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3fjq-93xj-3f3fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-16772ghsaADVISORY
- github.com/commenthol/serialize-to-js/commit/181d7d583ae5293cd47cc99b14ad13352875f3e3ghsax_refsource_MISCWEB
- github.com/commenthol/serialize-to-js/security/advisories/GHSA-3fjq-93xj-3f3fghsax_refsource_CONFIRMWEB
- www.npmjs.com/advisories/1429ghsaWEB
News mentions
0No linked articles in our index yet.