Description
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Remediation
References
https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd
Related Vulnerabilities
CVE-2021-21344 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-29257 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-26870 Vulnerability in npm package dompurify
CVE-2023-24162 Vulnerability in maven package cn.hutool:hutool-all
CVE-2016-10726 Vulnerability in maven package org.dspace:dspace-xmlui