cve/2019/CVE-2019-16769.md

### [CVE-2019-16769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769)
![](https://img.shields.io/static/v1?label=Product&message=serialize-javascript&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%202.1.1%3C%202.1.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)

### Description

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ossf-cve-benchmark/CVE-2019-16769
- https://github.com/ray-tracer96024/Unintentionally-Vulnerable-Hotel-Management-Website
- https://github.com/seal-community/patches
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-16769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769)`
			`![](https://img.shields.io/static/v1?label=Product&message=serialize-javascript&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%202.1.1%3C%202.1.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)`

			`### Description`

			The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ossf-cve-benchmark/CVE-2019-16769`
			`- https://github.com/ray-tracer96024/Unintentionally-Vulnerable-Hotel-Management-Website`
			`- https://github.com/seal-community/patches`