CVE-2024-11831
npm-serialize-javascript: cross-site scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. serialize-javascript produces JavaScript source that is meant to be embedded in a web page, typically inside a <script> element, and evaluated by the browser, so its output has to escape HTML-sensitive characters. Versions before 6.0.2 did not apply that escaping to certain value types, such as regular expressions, so an attacker who controls such a value can place markup or script in the serialized output. When the page is rendered, the browser executes it in the context of the embedding site, resulting in cross-site scripting (XSS). The issue matters wherever serialized data containing attacker-influenced values is sent to web clients; applications that only serialize trusted, server-generated data are not directly exposed. Upgrade serialize-javascript to 6.0.2 or later, or apply the vendor errata listed under References.
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (base score 5.4, Medium)
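Worked example, added here to illustrate the bug class. It is not code from serialize-javascript or from this advisory and does not reproduce that project's exact code path; every function and name below (escapeForScript, regExpUnsafe, regExpSafe, serialize, renderPage, scriptBodyIsBroken, revive) is hypothetical, and the sample state is constructed. It shows a miniature serializer with a vulnerable and a hardened RegExp path, a page template that embeds the output in an inline script, and a check for the sequences the HTML specification forbids inside script content.

```javascript
// Added illustration of the bug class, not serialize-javascript's own code:
// a miniature serializer that emits JavaScript source for an inline <script>,
// in a vulnerable and a hardened variant. All names here are hypothetical.

// Sequences the HTML spec forbids inside script element content, because
// they change where the tokenizer thinks the script ends ("<!--", "<script",
// "</script", case-insensitive).
const SCRIPT_BREAKERS = /<!--|<\/?script/i;

// Replace the characters that can form those sequences with \uXXXX escapes,
// plus U+2028/U+2029, which JSON allows but JavaScript string literals do not.
function escapeForScript(jsSource) {
  return jsSource.replace(/[<>\/\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).toUpperCase().padStart(4, '0'));
}

// Vulnerable variant: the RegExp source is quoted with JSON.stringify, which
// escapes quotes and backslashes but leaves '<', '>' and '/' untouched.
function regExpUnsafe(re) {
  return 'new RegExp(' + JSON.stringify(re.source) + ', ' + JSON.stringify(re.flags) + ')';
}

// Hardened variant: the source gets the same escaping as every string value.
function regExpSafe(re) {
  return 'new RegExp(' + escapeForScript(JSON.stringify(re.source)) + ', ' +
    JSON.stringify(re.flags) + ')';
}

// Serialize primitives, strings, RegExps, arrays and plain objects; the
// RegExp serializer is the only difference between the two variants.
function serialize(value, regExpSerializer) {
  if (value === null || typeof value === 'number' || typeof value === 'boolean') {
    return String(value);
  }
  if (typeof value === 'string') {
    return escapeForScript(JSON.stringify(value));
  }
  if (value instanceof RegExp) {
    return regExpSerializer(value);
  }
  if (Array.isArray(value)) {
    return '[' + value.map((v) => serialize(v, regExpSerializer)).join(',') + ']';
  }
  if (typeof value === 'object') {
    return '{' + Object.keys(value).map((k) =>
      escapeForScript(JSON.stringify(k)) + ':' + serialize(value[k], regExpSerializer)
    ).join(',') + '}';
  }
  throw new TypeError('unsupported value type: ' + typeof value);
}

// Server-side template: application state is injected into the page as
// inline script, which is how serialize-javascript output is normally used.
function renderPage(state, regExpSerializer) {
  return '<script>window.__STATE__ = ' + serialize(state, regExpSerializer) + ';</script>';
}

// True if the script body (between the template's own tags) contains a
// sequence that would make the browser misplace the end of the script.
function scriptBodyIsBroken(html) {
  const body = html.slice('<script>'.length, html.length - '</script>'.length);
  return SCRIPT_BREAKERS.test(body);
}

// Evaluate the serialized source the way the browser would, to confirm the
// hardened output still reconstructs the original values.
function revive(serialized) {
  return new Function('return (' + serialized + ');')();
}

// Constructed sample state with attacker-influenced values (e.g. a search
// pattern taken from a request parameter). A RegExp's .source rewrites '/' as
// '\/', so "</script>" cannot be smuggled through a regex, but "<!--" and
// "<script" survive and are enough to break the script element.
const STATE = {
  query: 'harmless</script><script>alert(1)</script>', // string: escaped in both variants
  pattern: new RegExp('x<!--<script>', 'i'),             // regex: the weak spot
  page: 2,
};

const UNSAFE_HTML = renderPage(STATE, regExpUnsafe);
const SAFE_HTML = renderPage(STATE, regExpSafe);

console.log('unsafe output breaks the script element:', scriptBodyIsBroken(UNSAFE_HTML));
console.log('hardened output breaks the script element:', scriptBodyIsBroken(SAFE_HTML));
console.log('hardened output revives correctly:',
  revive(serialize(STATE, regExpSafe)).pattern.source === STATE.pattern.source);
```

Run it with node. The vulnerable variant emits <!--<script> inside the script element; the HTML tokenizer treats that as the start of an escaped script block, so the template's own closing tag no longer ends the script and following page content is consumed as script text. The hardened variant replaces <, > and / with \u escapes, which the JavaScript parser decodes when the page runs, so the revived state is identical to the original. The practical rule is that the escaping must be applied to every value type that reaches the output, not only to plain strings.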
Affected products
serialize-javascript
Red Hat · Cryostat 3
Red Hat · Logging Subsystem for Red Hat OpenShift
Red Hat · Migration Toolkit for Virtualization
Red Hat · .NET 6.0 on Red Hat Enterprise Linux
Red Hat · OpenShift Lightspeed
Red Hat · OpenShift Pipelines
Red Hat · OpenShift Serverless
Red Hat · OpenShift Service Mesh 2
Red Hat · Red Hat 3scale API Management Platform 2
Red Hat · Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat · Red Hat Advanced Cluster Security 4
Red Hat · Red Hat Advanced Cluster Security 4.4
Red Hat · Red Hat Advanced Cluster Security 4.5
Red Hat · Red Hat Ansible Automation Platform 2
Red Hat · Red Hat build of Apache Camel - HawtIO 4
Red Hat · Red Hat build of Apicurio Registry 2
Red Hat · Red Hat build of OptaPlanner 8
Red Hat · Red Hat Ceph Storage 7
Red Hat · Red Hat Ceph Storage 7.1
Red Hat · Red Hat Ceph Storage 8
Red Hat · Red Hat Ceph Storage 8.1
Red Hat · Red Hat Ceph Storage 9
Red Hat · Red Hat Ceph Storage 9.0
Red Hat · Red Hat Data Grid 8
Red Hat · Red Hat Developer Hub
Red Hat · Red Hat Discovery 1
Red Hat · Red Hat Enterprise Linux 10
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Fuse 7
Red Hat · Red Hat Integration Camel K 1
Red Hat · Red Hat In-Vehicle Operating System 1
Red Hat · Red Hat JBoss Enterprise Application Platform 7
Red Hat · Red Hat JBoss Enterprise Application Platform 8
Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat · Red Hat OpenShift AI (RHOAI)
Red Hat · Red Hat OpenShift Container Platform 3.11
Red Hat · Red Hat OpenShift Container Platform 4
Red Hat · Red Hat OpenShift Dev Spaces
Red Hat · Red Hat OpenShift distributed tracing 3
Red Hat · Red Hat OpenShift Pipelines 1.14.6
Red Hat · Red Hat OpenShift Pipelines 1.15
Red Hat · Red Hat OpenShift Pipelines 1.16
Red Hat · Red Hat OpenShift Pipelines 1.17
Red Hat · Red Hat OpenShift Pipelines 1.18.0
Red Hat · Red Hat OpenShift Pipelines 1.19
Red Hat · Red Hat Process Automation 7
Red Hat · Red Hat Quay 3
Red Hat · Red Hat Satellite 6
Red Hat · Red Hat Single Sign-On 7
Red Hat · Red Hat Trusted Profile Analyzer
Red Hat · RHODF-4.14-RHEL-9
Red Hat · RHODF-4.15-RHEL-9
Red Hat · RHODF-4.16-RHEL-9
Red Hat · RHODF-4.17-RHEL-9
Red Hat · RHODF-4.18-RHEL-9
References
https://access.redhat.com/errata/RHBA-2025:0304
https://access.redhat.com/errata/RHSA-2025:0381
https://access.redhat.com/errata/RHSA-2025:10853
https://access.redhat.com/errata/RHSA-2025:1334
https://access.redhat.com/errata/RHSA-2025:1468
https://access.redhat.com/errata/RHSA-2025:21068
https://access.redhat.com/errata/RHSA-2025:21203
https://access.redhat.com/errata/RHSA-2025:3870
https://access.redhat.com/errata/RHSA-2025:4511
https://access.redhat.com/errata/RHSA-2025:8059
https://access.redhat.com/errata/RHSA-2025:8078
https://access.redhat.com/errata/RHSA-2025:8233