Severity: moderate

    Cross-Site Scripting

    serialize-javascript

    Overview

    Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.

    Remediation

    Upgrade to version 2.1.1 or later.

    Resources

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      Dec 10th, 2019
    2. reported

      Reported by Ryuichi Okumura
      Dec 9th, 2019