Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo
CVE-2024-11831
5.4 MEDIUM
Key Information:
- Vendor: Red Hat
- Status: Vendor
- CVE Published: 10 February 2025
Summary
A vulnerability exists in the serialize-javascript module due to inadequate sanitization of certain inputs, particularly JavaScript object types and regular expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. The risk is significant where serialized output is shared with web clients, because web applications that rely on this package become susceptible to XSS attacks.
Affected Version(s)
Red Hat Advanced Cluster Security 4.5: 4.5.6-2
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved