Arbitrary Code Execution Vulnerability in serialize-to-js 0.5.0

Arbitrary Code Execution Vulnerability in serialize-to-js 0.5.0

CVE-2017-5954 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).

Learn more about our Web Application Penetration Testing UK.