VYPR

Serialize To Js

by Serialize To Js Project

Source repositories

CVEs (2)

  • CVE-2017-5954CriFeb 10, 2017
    risk 0.57cvss 9.8epss 0.04

    An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).

  • CVE-2017-15871HigOct 24, 2017
    risk 0.49cvss 7.5epss 0.01

    The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE:…