CVE-2024-11831

5.4 MEDIUM

Published: February 10, 2025 Modified: November 28, 2025

Description

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHBA-2025:0304

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:0381

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:10853

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:1334

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:1468

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:21068

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:21203

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:3870

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4511

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8059

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8078

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8233

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8479

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8512

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8544

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8551

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:9294

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-11831

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2312579

Source: secalert@redhat.com

https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e

Source: secalert@redhat.com

https://github.com/yahoo/serialize-javascript/pull/173

Source: secalert@redhat.com

21 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.4 / 10.0

EPSS (Exploit Probability)

1.2%

79th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A