Description
seroval Affected by Prototype Pollution via JSON Deserialization
Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality.
As there is no known workaround, please upgrade to the latest version.
Packages
Name: seroval (npm)
Affected versions: < 1.4.1
Fixed version: 1.4.1
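Since the only remediation is upgrading, the practical check is whether any installed copy of seroval, including copies nested under other dependencies, is older than 1.4.1. The following is an added example, not code from the advisory or from the seroval project; the function names are hypothetical and `SAMPLE_LOCK` is a constructed npm lockfile (lockfileVersion 3 layout).

```javascript
// Package name and fixed version are taken from the advisory above.
const PACKAGE = "seroval";
const FIXED = "1.4.1";

// Parse "major.minor.patch[-prerelease]"; returns null if it does not match.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when a sorts before b. A prerelease sorts before its release (semver).
function isBelow(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return pa.pre !== null && pb.pre === null;
}

// Walk the "packages" map of a parsed package-lock.json and return every
// installed copy of seroval that is older than the fixed version.
function findAffected(lock) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace entry
    const name = path.slice(idx + marker.length); // exact name, not a prefix match
    if (name !== PACKAGE || !meta || typeof meta.version !== "string") continue;
    if (isBelow(meta.version, FIXED)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.0" },
    "node_modules/seroval": { version: "1.4.1" },
    "node_modules/seroval-plugins": { version: "1.3.0" },
    "node_modules/some-dep/node_modules/seroval": { version: "1.4.0" },
    "node_modules/other-dep/node_modules/seroval": { version: "1.4.1-beta.0" },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

To use it on a real project, pass the parsed contents of `package-lock.json` to `findAffected`; a nested hit means a parent dependency pins the old version and must be updated or overridden as well.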
Related vulnerabilities
CVSS3: 7.3
nvd
16 days ago
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.