CVE-2024-11831

MEDIUM(5.4)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Risk Signal Score14/100 — NIEDRIG

CVSS 5.4 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.4

Technische Schwere

Beschreibung

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

Referenzen

https://access.redhat.com/errata/RHBA-2025:0304
https://access.redhat.com/errata/RHSA-2025:0381
https://access.redhat.com/errata/RHSA-2025:10853
https://access.redhat.com/errata/RHSA-2025:1334
https://access.redhat.com/errata/RHSA-2025:1468
https://access.redhat.com/errata/RHSA-2025:21068
https://access.redhat.com/errata/RHSA-2025:21203
https://access.redhat.com/errata/RHSA-2025:3870
https://access.redhat.com/errata/RHSA-2025:4511
https://access.redhat.com/errata/RHSA-2025:8059