CVE-2024-11831
npm-serialize-javascript: cross-site scripting (XSS) in serialize-javascript
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes. The updated image includes security fixes. Issues addressed include bypass, cross-site scripting, and denial of service vulnerabilities.
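A defender-side illustration, added here and not taken from serialize-javascript, Red Hat, or the references below: before page state is handed to any serializer that emits JavaScript, an allow-list rejects non-JSON object types such as RegExp (the input class the description names), and the JSON that is emitted into the page is escaped so the HTML parser cannot see a closing tag or comment opener inside the script block. All function names (assertJsonOnly, embedState, containsScriptBreakout), the escape table and the sample state are constructed for this example.

```javascript
// Added example, not serialize-javascript's code. Two defensive layers for
// server state that is about to be embedded in an HTML page:
//   1. allow only plain JSON types, so RegExp, Function and other exotic
//      objects never reach a serializer whose output is JavaScript code;
//   2. escape the characters the HTML parser acts on before any JSON.parse
//      runs on the client.
// Every name below is hypothetical.

// Walk the value and reject anything that is not a JSON type. RegExp is the
// case named in CVE-2024-11831; functions, Dates, Maps and class instances are
// rejected for the same reason: serializing them yields code, not data.
function assertJsonOnly(value, path = '$') {
  if (value === null) return;
  const t = typeof value;
  if (t === 'string' || t === 'boolean') return;
  if (t === 'number') {
    if (!Number.isFinite(value)) throw new TypeError(`${path}: non-finite number has no JSON form`);
    return;
  }
  if (Array.isArray(value)) {
    value.forEach((v, i) => assertJsonOnly(v, `${path}[${i}]`));
    return;
  }
  if (t === 'object') {
    const proto = Object.getPrototypeOf(value);
    if (proto !== Object.prototype && proto !== null) {
      throw new TypeError(`${path}: ${Object.prototype.toString.call(value)} is not a plain JSON object`);
    }
    for (const k of Object.keys(value)) assertJsonOnly(value[k], `${path}.${k}`);
    return;
  }
  throw new TypeError(`${path}: ${t} is not a JSON type`);
}

// Characters interpreted by the HTML parser or the JS engine before the JSON
// is parsed: '<' (closing tag, "<!--" comment opener), '>', '&', and the line
// terminators U+2028/U+2029. \uXXXX escapes are valid JSON, so JSON.parse on
// the client recovers the original characters unchanged.
const UNSAFE_CHARS = /[<>&\u2028\u2029]/g;
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

// Serialize state for a <script type="application/json" id="..."> data block.
// The type check runs first so a RegExp in the state fails loudly on the
// server instead of being emitted as a JavaScript expression.
function embedState(value) {
  assertJsonOnly(value);
  return JSON.stringify(value).replace(UNSAFE_CHARS, (c) => ESCAPES[c]);
}

// Detection-side check for a rendered script payload: the HTML tokenizer
// matches "</script" case-insensitively and treats "<!--" specially inside
// script data, so either sequence appearing raw means escaping was skipped.
function containsScriptBreakout(scriptBody) {
  return /<\/script|<!--/i.test(scriptBody);
}

// Constructed sample state: the display name carries a closing tag, standing
// in for any user-influenced string that ends up in page state.
const sampleState = {
  user: 'eve</script><b>x</b>',
  filters: ['open', 'mine'],
  count: 2,
};
const payload = embedState(sampleState);
// payload: {"user":"eve\u003c/script\u003e\u003cb\u003ex\u003c/b\u003e","filters":["open","mine"],"count":2}
// containsScriptBreakout(payload) is false, and JSON.parse(payload) round-trips.
```

In practice the `containsScriptBreakout` check belongs in the template or integration test suite, run over every rendered page that carries inline state; it is a detection heuristic and does not replace taking the fixed serialize-javascript version from the errata listed below.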
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2024-11-26 CVE Reserved
- 2025-02-10 CVE Published
- 2025-02-14 EPSS Updated
- 2025-03-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)

URL | Tag | Source
---|---|---
https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e | |
https://github.com/yahoo/serialize-javascript/pull/173 | |

URL | Date | SRC
---|---|---
https://access.redhat.com/security/cve/CVE-2024-11831 | 2025-02-10 |
https://bugzilla.redhat.com/show_bug.cgi?id=2312579 | 2025-02-10 |
https://access.redhat.com/errata/RHSA-2025:1334 | 2025-03-12 |
https://access.redhat.com/errata/RHSA-2025:1468 | 2025-03-12 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Red Hat | Enterprise Linux | * | - | Affected
Redhat | 3scale | * | - | Affected
Redhat | Acm | * | - | Affected
Redhat | Advanced Cluster Management For Kubernetes | * | - | Affected
Redhat | Advanced Cluster Security | * | - | Affected
Redhat | Ansible Automation Platform | * | - | Affected
Redhat | Build Keycloak | * | - | Affected
Redhat | Build Of Keycloak | * | - | Affected
Redhat | Build Of Optaplanner | * | - | Affected
Redhat | Cryostat | * | - | Affected
Redhat | Data Grid | * | - | Affected
Redhat | Discovery | * | - | Affected
Redhat | Integration | * | - | Affected
Redhat | Integration Camel K | * | - | Affected
Redhat | Jboss Data Grid | * | - | Affected
Redhat | Jboss Enterprise Application Platform | * | - | Affected
Redhat | Jboss Enterprise Bpms Platform | * | - | Affected
Redhat | Jboss Fuse | * | - | Affected
Redhat | Jbosseapxp | * | - | Affected
Redhat | Logging | * | - | Affected
Redhat | Logging Subsystem For Red Hat Openshift | * | - | Affected
Redhat | Migration Toolkit | * | - | Affected
Redhat | Migration Toolkit Applications | * | - | Affected
Redhat | Migration Toolkit Virtualization | * | - | Affected
Redhat | Openshift | * | - | Affected
Redhat | Openshift Ai | * | - | Affected
Redhat | Openshift Data Foundation | * | - | Affected
Redhat | Openshift Devspaces | * | - | Affected
Redhat | Openshift Distributed Tracing | * | - | Affected
Redhat | Openshift Lightspeed | * | - | Affected
Redhat | Openshift Pipelines | * | - | Affected
Redhat | Optaplanner | * | - | Affected
Redhat | Process Automation | * | - | Affected
Redhat | Quay | * | - | Affected
Redhat | Red Hat 3scale Amp | * | - | Affected
Redhat | Red Hat Single Sign On | * | - | Affected
Redhat | Rhboac Hawtio | * | - | Affected
Redhat | Rhdh | * | - | Affected
Redhat | Rhel Dotnet | * | - | Affected
Redhat | Satellite | * | - | Affected
Redhat | Serverless | * | - | Affected
Redhat | Service Mesh | * | - | Affected
Redhat | Service Registry | * | - | Affected
Redhat | Trusted Profile Analyzer | * | - | Affected
Redhat | Enterprise Linux | * | - | Affected
Redhat | Openshift | * | - | Affected