VYPR

npm package

serialize-to-js

pkg:npm/serialize-to-js

Vulnerabilities (2)

  • CVE-2019-16772Dec 6, 2019
    affected < 3.0.1fixed 3.0.1

    The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of

  • CVE-2017-5954CriFeb 10, 2017
    affected < 1.0.0fixed 1.0.0

    An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).