Verizon Serialize-Javascript vulnerabilities
4 known vulnerabilities affecting verizon/serialize-javascript.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2026-34043 | MEDIUM | ≥ 0, < 7.0.5 | 2026-03-27
CVE-2026-34043 [MEDIUM] CWE-400 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
### Impact
**What kind of vulnerability is it?**
It is a **Denial of Service (DoS)** vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from `Array.prototype` but has a very large `length` property), the process ente
ghsa, osv
CVE-2024-11831 | MEDIUM | ≥ 6.0.0, < 6.0.2 | 2025-02-10
CVE-2024-11831 [MEDIUM] CWE-79 Cross-site Scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issu
ghsa, osv
CVE-2020-7660 | HIGH | CVSS 8.1 | fixed in 3.1.0 | All versions prior to version 3.1.0 | 2020-06-01
CVE-2020-7660 [HIGH] CWE-502
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
ghsa, nvd, osv
CVE-2019-16769 | MEDIUM | CVSS 5.4 | fixed in 2.1.1 | 2019-12-05
CVE-2019-16769 [MEDIUM] CWE-79
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability does not affect Node.js environments, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes
ghsa, nvd, osv