node-serialize@0.0.4 vulnerabilities

Serialize a object including it's function into a JSON.

Direct Vulnerabilities

Known vulnerabilities in the node-serialize package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Arbitrary Code Execution

node-serialize serializes an object and it's function into a JSON.

Affected versions of this package are vulnerable to Arbitrary Code Execution when untrusted user-input is passed into the unserialize() function.


var serialize = require('node-serialize');
var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';

How to fix Arbitrary Code Execution?

There is no fix version for node-serialize