cve/CVE-2019-16769.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

POC

Reference

No PoCs from references.

Github

https://github.com/ossf-cve-benchmark/CVE-2019-16769
https://github.com/ray-tracer96024/Unintentionally-Vulnerable-Hotel-Management-Website
https://github.com/seal-community/patches

1.2 KiB Raw Blame History

CVE-2019-16769

Description

POC

Reference

Github

1.2 KiB

Raw Blame History