CVE-2019-16772

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:serialize-to-js_project:serialize-to-js:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2019-12-07 00:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-16772

Mitre link : CVE-2019-16772

CVE.ORG link : CVE-2019-16772


JSON object : View

Products Affected

serialize-to-js_project

  • serialize-to-js
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')