Serialize Javascript
Approved changes feed: RSS · Atom
cpe:2.3:a:yahoo:serialize-javascript:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Yahoo (0dc01c4f-a37d-56de-8e72-74e1c6cb3fab) |
|---|---|
| Product | Serialize Javascript (5a8663ab-9972-51ca-af74-1023529827ce) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-34043 |
vulnerable | 2026-06-03 15:22:08.892203 |
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
MEDIUM (5.9)
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5.
Published: 2026-03-31T01:48:45.759Z
Updated: 2026-03-31T13:55:54.998Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16769 |
vulnerable | 2026-06-03 14:39:55.337924 |
Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)
MEDIUM (4.2)
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Published: 2019-12-05T18:55:15.000Z
Updated: 2024-08-05T01:24:47.226Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.