VYPR

Serialize To Js

by Commenthol

Source repositories

CVEs (2)

  • CVE-2017-15871HigOct 24, 2017
    risk 0.49cvss 7.5epss 0.01

    The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE:…

  • CVE-2019-16772Dec 6, 2019
    risk 0.00cvss epss 0.01

    The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation…