The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2019-12-05T18:55:15
Updated: 2024-08-05T01:24:47.226Z
Reserved: 2019-09-24T00:00:00
Link: CVE-2019-16769
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-05T19:15:15.180
Modified: 2024-11-21T04:31:09.207
Link: CVE-2019-16769
Redhat