CVE-2026-34043
EUVD-2026-1728831.03.2026, 03:15
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| yahoo | serialize | 𝑥 < 7.0.5 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| yahoo | serialize_javascript | 𝑥 < 7.0.5 | CNA |
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| aspnetcore-runtime-8.0 |
| ||||
| aspnetcore-runtime-dbg-8.0 |
| ||||
| aspnetcore-targeting-pack-8.0 |
| ||||
| dotnet-apphost-pack-8.0 |
| ||||
| dotnet-hostfxr-8.0 |
| ||||
| dotnet-runtime-8.0 |
| ||||
| dotnet-runtime-dbg-8.0 |
| ||||
| dotnet-sdk-8.0 |
| ||||
| dotnet-sdk-8.0-source-built-artifacts |
| ||||
| dotnet-sdk-dbg-8.0 |
| ||||
| dotnet-targeting-pack-8.0 |
| ||||
| dotnet-templates-8.0 |
|