Approved changes feed: RSS · Atom
cpe:2.3:a:yahoo:serialize:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Yahoo (0dc01c4f-a37d-56de-8e72-74e1c6cb3fab) |
|---|---|
| Product | Serialize (a9c1ed8a-dfc3-5fb8-8f7b-47d6676a413e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/yahoo/serialize-javascript |
purl2cpe | 2026-06-01 10:17:01.200951 |
pkg:npm/serialize-javascript |
purl2cpe | 2026-06-01 10:17:01.200953 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-34043 |
vulnerable | 2026-06-03 15:22:08.893177 |
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
MEDIUM (5.9)
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5.
Published: 2026-03-31T01:48:45.759Z
Updated: 2026-03-31T13:55:54.998Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.