← Back to CVE List

CVE-2019-16769

Published: 2019-12-05T19:15Z
Last Modified: 2024-11-21T04:31Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt