The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
References
Link | Resource |
---|---|
https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2019-12-05T18:55:15
Updated: 2019-12-06T15:11:57
Reserved: 2019-09-24T00:00:00
Link: CVE-2019-16769
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-05T19:15:15.180
Modified: 2020-01-17T13:42:04.210
Link: CVE-2019-16769
JSON object: View
Redhat Information
No data.
CWE