Arbitrary Code Injection in serialize-javascript by Yahoo
CVE-2020-7660

8.1 HIGH

Key Information:

Vendor: Verizon

CVE Published: 1 June 2020

What is CVE-2020-7660?

The serialize-javascript library, which serializes JavaScript objects, is vulnerable to code injection. In versions prior to 3.1.0, remote attackers can inject and execute arbitrary code via the 'deleteFunctions' function in index.js. Developers should update to version 3.1.0 or later to safeguard their applications.

Affected Version(s)

serialize-javascript: all versions prior to 3.1.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
