seroval@1.4.1 vulnerabilities

Stringify JS values

  • latest version

    1.5.0

  • latest non-vulnerable version

  • first published

    2 years ago

  • latest version published

    7 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the seroval package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable version
    • High severity
    Deserialization of Untrusted Data

    seroval is a package for stringifying JS values.

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the fromJSON and fromCrossJSON functions during JSON deserialization. An attacker can execute arbitrary JavaScript code by crafting serialized data that exploits improper input handling and error deserialization, potentially overriding constant values and gaining indirect access to unsafe evaluation.

    Note: This is only exploitable if the attacker has partial knowledge of how the serialized data is processed during runtime.

    How to fix Deserialization of Untrusted Data?

    Upgrade seroval to version 1.4.2 or higher.

    Vulnerable versions: <1.4.2
    • High severity
    Regular Expression Denial of Service (ReDoS)

    seroval is a package for stringifying JS values.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the RegExp serialization process. An attacker can cause the exhaustion of JavaScript runtime memory or trigger catastrophic backtracking by supplying extremely large strings for deserialization.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade seroval to version 1.4.2 or higher.

    Vulnerable versions: <1.4.2
    • Medium severity
    Prototype Pollution

    seroval is a package for stringifying JS values.

    Affected versions of this package are vulnerable to Prototype Pollution in the JSON deserialization process. An attacker can manipulate the prototype of objects by supplying malicious object keys during deserialization.

    How to fix Prototype Pollution?

    Upgrade seroval to version 1.4.2 or higher.

    Vulnerable versions: <1.4.2
    • High severity
    Allocation of Resources Without Limits or Throttling

    seroval is a package for stringifying JS values.

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of encoded array lengths during serialization. An attacker can cause excessive processing time by overriding encoded array lengths with extremely large values.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade seroval to version 1.4.2 or higher.

    Vulnerable versions: <1.4.2
    • High severity
    Allocation of Resources Without Limits or Throttling

    seroval is a package for stringifying JS values.

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with excessive nesting depth.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade seroval to version 1.4.2 or higher.

    Vulnerable versions: <1.4.2