CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
redhatCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Debian logo
Debian Releases
Debian Product
Codename
node-serialize-javascript
bullseye
5.0.1-2
not-affected
bookworm
6.0.0-2+deb12u1
fixed
forky
6.0.2-1
fixed
sid
6.0.2-1
fixed
trixie
6.0.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-serialize-javascript
questing
needs-triage
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
needs-triage
focal
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2025:0304
https://access.redhat.com/errata/RHSA-2025:0381
https://access.redhat.com/errata/RHSA-2025:10853
https://access.redhat.com/errata/RHSA-2025:1334
https://access.redhat.com/errata/RHSA-2025:1468
https://access.redhat.com/errata/RHSA-2025:21068
https://access.redhat.com/errata/RHSA-2025:21203
https://access.redhat.com/errata/RHSA-2025:3870
https://access.redhat.com/errata/RHSA-2025:4511
https://access.redhat.com/errata/RHSA-2025:8059
https://access.redhat.com/errata/RHSA-2025:8078
https://access.redhat.com/errata/RHSA-2025:8233
https://access.redhat.com/errata/RHSA-2025:8479
https://access.redhat.com/errata/RHSA-2025:8512
https://access.redhat.com/errata/RHSA-2025:8544
https://access.redhat.com/errata/RHSA-2025:8551
https://access.redhat.com/errata/RHSA-2025:9294
https://access.redhat.com/security/cve/CVE-2024-11831
https://bugzilla.redhat.com/show_bug.cgi?id=2312579
https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
https://github.com/yahoo/serialize-javascript/pull/173