CVE-2024-11831
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Feb 10, 2025
Updated: Feb 13, 2025
CWE ID 79
Summary
CVE-2024-11831: A critical vulnerability was discovered in the npm-serialize-javascript package. The serialize-javascript module fails to sanitize certain inputs, including regex and JavaScript object types, making it susceptible to malicious code injection. This issue poses a serious risk, as the injected code could be executed in a web browser, leading to cross-site scripting (XSS) attacks. Websites and web applications that rely on this package to serialize data for transmission to clients are at risk of being compromised.