Описание
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.
EPSS
Процентиль: 14%
0.00047
Низкий
7.3 High
CVSS3
Дефекты
CWE-1321
Связанные уязвимости
CVSS3: 7.3
github
17 дней назад
seroval Affected by Prototype Pollution via JSON Deserialization
EPSS
Процентиль: 14%
0.00047
Низкий
7.3 High
CVSS3
Дефекты
CWE-1321