Description

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

INFO

Published Date :

2025-02-10T15:27:46.732Z

Last Modified :

2026-04-30T13:30:50.067Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-11831 vulnerability.

Vendors Products
Redhat
  • Acm
  • Advanced Cluster Security
  • Ansible Automation Platform
  • Apache Camel Hawtio
  • Ceph Storage
  • Cryostat
  • Discovery
  • Enterprise Linux
  • Integration
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Logging
  • Migration Toolkit Virtualization
  • Openshift
  • Openshift Ai
  • Openshift Data Foundation
  • Openshift Devspaces
  • Openshift Distributed Tracing
  • Openshift Lightspeed
  • Openshift Pipelines
  • Optaplanner
  • Quay
  • Red Hat 3scale Amp
  • Red Hat Single Sign On
  • Rhdh
  • Rhel Dotnet
  • Satellite
  • Serverless
  • Service Mesh
  • Service Registry
  • Trusted Profile Analyzer

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact