Skip to main content

Serialize To Js

3 CVEs product

Monthly

CVE-2019-16772 npm MEDIUM PATCH This Month

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Serialize To Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2017-15871 HIGH POC This Week

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Serialize To Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-5954 npm CRITICAL POC PATCH Act Now

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Node.js RCE Serialize To Js
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Serialize To Js
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Serialize To Js
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Node.js RCE +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy