3.1.2
9 years ago
2 years ago
Known vulnerabilities in the serialize-to-js package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
serialize-to-js is a package that serializes objects into a string while checking for circular structures and respecting references. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly sanitize unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of NOTE: This vulnerability has also been identified as: CVE-2019-16772. How to fix Cross-site Scripting (XSS)? Upgrade | <3.0.1 |
serialize-to-js is a package that serializes objects into a string while checking for circular structures and respecting references. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly sanitize unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of NOTE: This vulnerability has also been identified as: CVE-2019-16769. How to fix Cross-site Scripting (XSS)? Upgrade | <3.0.1 |
serialize-to-js is a package to serialize objects into a string while checking circular structures and respecting references. Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for attackers to provide inputs that lead the execution to loop indefinitely. POC How to fix Denial of Service (DoS)? Upgrade | <2.0.0 |
Affected versions of this package are vulnerable to Arbitrary Code Execution. If untrusted user-input is passed into the Example: How to fix Arbitrary Code Execution? Upgrade | <1.0.0 |