CVE-2019-16769

Опубликовано: 05 дек. 2019

Источник: nvd

CVSS3: 4.2

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

Ссылки

https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx
Third Party Advisory
https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:verizon:serialize-javascript:*:*:*:*:*:node.js:*:*

Версия до 2.1.1 (исключая)

EPSS

Процентиль: 61%

0.00406

Низкий

4.2 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-16769

CVSS3: 5.4

redhat

почти 6 лет назад

GHSA-h9rv-jmmf-4pgx

CVSS3: 4.2

github

около 6 лет назад

Cross-Site Scripting in serialize-javascript

EPSS

Процентиль: 61%

0.00406

Низкий

4.2 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79