CVE-2024-11831 — Cross-site Scripting in Node-serialize-javascript

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

1.1%

top 21.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Node-serialize-javascript Verizon Serialize-javascript Msrc Azl3 Python-tensorboard 2.16.2-6 ON Azure Linux 3.0 +1 more

Timeline

PublishedFeb 10

Latest updateFeb 11

Description

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or we…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶npmverizon/serialize-javascript6.0.0 — 6.0.2

▶debiandebian/node-serialize-javascript< node-serialize-javascript 6.0.0-2+deb12u1 (bookworm)

▶msrcmsrc/cbl2_reaper_3.1.1-18_on_cbl_mariner_2.0

▶msrcmsrc/azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0

🔴Vulnerability Details

OSV

CVE-2024-11831: A flaw was found in npm-serialize-javascript↗2025-02-10

▶

GHSA

Cross-site Scripting (XSS) in serialize-javascript↗2025-02-10

▶

OSV

Cross-site Scripting (XSS) in serialize-javascript↗2025-02-10

▶

📋Vendor Advisories

Microsoft

Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript↗2025-02-11

▶

Red Hat

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript↗2024-09-16

▶

Debian

CVE-2024-11831: node-serialize-javascript - A flaw was found in npm-serialize-javascript. The vulnerability occurs because t...↗2024

▶