- Description
- A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- secalert@redhat.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2024-11831 🟠 MEDIUM (5.4) 🏢 Red Hat - Cryostat 3 🏗️ None 🔗 https://t.co/RwQEw9bFDJ 🔗 https://t.co/vLzAVn3PGD 🔗 https://t.co/3m2QoBZEL6 🔗 https://t.co/Oljt2JKDH9 #CyberCron #VulnAlert https://t.co/mNHwBAvr7W
@cybercronai
10 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11831 A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as rege… https://t.co/8i1BhUkBvJ
@CVEnew
10 Feb 2025
261 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-11831 | npm-serialize-javascript up to 6.0.1 cross site scripting) has been published on https://t.co/qBYaXeA186
@WolfgangSesin
10 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes