mend-for-github-com[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #53
Closed mend-for-github-com[bot] closed 3 years ago
mend-for-github-com[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #53
CVE-2019-16769 - Medium Severity Vulnerability
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.5.0.tgz
Path to dependency file: doccano/app/server/static/package.json
Path to vulnerable library: doccano/app/server/static/node_modules/serialize-javascript/package.json
Dependency Hierarchy: - webpack-4.12.0.tgz (Root Library) - uglifyjs-webpack-plugin-1.2.5.tgz - :x: **serialize-javascript-1.5.0.tgz** (Vulnerable Library)
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Publish Date: 2019-12-05
URL: CVE-2019-16769
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769
Release Date: 2019-12-05
Fix Resolution: v2.1.1