Bug#1102478: bookworm-pu: package node-serialize-javascript/6.0.0-2+deb12u1

To: Yadd <yadd@debian.org>, 1102478@bugs.debian.org
Subject: Bug#1102478: bookworm-pu: package node-serialize-javascript/6.0.0-2+deb12u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 10 May 2025 15:53:53 +0100
Message-id: <[🔎] ce59b7cfe3086c6a5c2326e54d5af583e5d5784e.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1102478@bugs.debian.org
In-reply-to: <174419994311.1843763.18322078719824765650.reportbug@yadd-217.xnr.fr>
References: <174419994311.1843763.18322078719824765650.reportbug@yadd-217.xnr.fr> <174419994311.1843763.18322078719824765650.reportbug@yadd-217.xnr.fr>

Control: tags -1 + confirmed

On Wed, 2025-04-09 at 13:59 +0200, Yadd wrote:
> A flaw was found in npm-serialize-javascript. The vulnerability
> occurs because the serialize-javascript module does not properly
> sanitize certain inputs, such as regex or other JavaScript object
> types, allowing an attacker to inject malicious code. This code could
> be executed when deserialized by a web browser, causing Cross-site
> scripting (XSS) attacks.

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#1102310: bookworm-pu: package node-send/0.18.0+~cs1.19.1-3+deb12u1
Next by Date: Processed: Re: Bug#1102478: bookworm-pu: package node-serialize-javascript/6.0.0-2+deb12u1
Previous by thread: Processed: Re: Bug#1102310: bookworm-pu: package node-send/0.18.0+~cs1.19.1-3+deb12u1
Next by thread: Processed: Re: Bug#1102478: bookworm-pu: package node-serialize-javascript/6.0.0-2+deb12u1
Index(es):
- Date
- Thread