High severityNVD Advisory· Published Jun 1, 2020· Updated Aug 4, 2024
CVE-2020-7660
CVE-2020-7660
Description
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
serialize-javascriptnpm | < 3.1.0 | 3.1.0 |
Affected products
2- serialize-javascript/serialize-javascriptdescription
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-hxcc-f52p-wc94ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7660ghsaADVISORY
- github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbdghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.