Published: 05/12/2019 Updated: 17/01/2020

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
verizon serialize-javascript

Übersicht Important: Red Hat OpenShift Service Mesh servicemesh-grafana security update Typ/Schweregrad Security Advisory: Important Thema An update for servicemesh-grafana is now available for OpenShift Service Mesh 11Red Hat Product Security has rated this update as having a security impact of Importan ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

CWE-79 https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:2796

CVE-2019-16769

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect