CVE-2024-11831
Published: Feb 10, 2025
Modified: Jun 2, 2026
CVSS v3.1
5.4
Description
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
| Vendor | Product | Versions |
|---|---|---|
Unknown | serialize-javascript | affected 6.0 - < 6.0.2 |
Red Hat | Red Hat Advanced Cluster Security 4.4 | unaffected 4.4.8-2 - < * |
Red Hat | Red Hat Advanced Cluster Security 4.5 | unaffected 4.5.6-2 - < * |
Red Hat | Red Hat Ceph Storage 7.1 | unaffected 2:18.2.1-381.el8cp - < * |
Red Hat | Red Hat Ceph Storage 8.1 | unaffected 2:19.2.1-292.el9cp - < * |
Red Hat | Red Hat Ceph Storage 9.0 | unaffected 2:20.1.0-144.el10cp - < * |
Red Hat | Red Hat Enterprise Linux 8 | unaffected 0:8.0.112-1.el8_10 - < * |
Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:8.0.112-1.el9_5 - < * |
Red Hat | RHODF-4.14-RHEL-9 | unaffected v4.14.18-2 - < * |
Red Hat | RHODF-4.14-RHEL-9 | unaffected v4.14.18-3 - < * |
Red Hat | RHODF-4.14-RHEL-9 | unaffected v4.14.18-2 - < * |
Red Hat | RHODF-4.15-RHEL-9 | unaffected v4.15.14-2 - < * |
Red Hat | RHODF-4.15-RHEL-9 | unaffected v4.15.14-2 - < * |
Red Hat | RHODF-4.15-RHEL-9 | unaffected v4.15.14-2 - < * |
Red Hat | RHODF-4.16-RHEL-9 | unaffected v4.16.10-4 - < * |
Red Hat | RHODF-4.16-RHEL-9 | unaffected v4.16.10-4 - < * |
Red Hat | RHODF-4.16-RHEL-9 | unaffected v4.16.10-3 - < * |
Red Hat | RHODF-4.17-RHEL-9 | unaffected v4.17.7-2 - < * |
Red Hat | RHODF-4.17-RHEL-9 | unaffected v4.17.7-2 - < * |
Red Hat | RHODF-4.17-RHEL-9 | unaffected v4.17.7-2 - < * |
Red Hat | RHODF-4.18-RHEL-9 | unaffected v4.18.2-8 - < * |
Red Hat | RHODF-4.18-RHEL-9 | unaffected v4.18.2-7 - < * |
Red Hat | RHODF-4.18-RHEL-9 | unaffected v4.18.2-8 - < * |
Red Hat | Red Hat Ceph Storage 8 | unaffected 8 - < * |
Red Hat | Red Hat Ceph Storage 9 | unaffected 1776359884 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.14.6 | unaffected v1.14.6-1744143767 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.15 | unaffected v1.15.3-1746939886 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.15 | unaffected v1.15.3-1746936251 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.16 | unaffected v1.16.4-1747983385 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.16 | unaffected v1.16.4-1747979846 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.17 | unaffected v1.17.2-1749452800 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.17 | unaffected v1.17.2-1750066936 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.18.0 | unaffected v1.18.1-1747749913 - < * |
Red Hat | Red Hat OpenShift Pipelines 1.19 | unaffected v1.19.0-1752127853 - < * |
Red Hat | Cryostat 3 | All versions |
Red Hat | Logging Subsystem for Red Hat OpenShift | All versions |
Red Hat | Migration Toolkit for Virtualization | All versions |
Red Hat | .NET 6.0 on Red Hat Enterprise Linux | All versions |
Red Hat | OpenShift Lightspeed | All versions |
Red Hat | OpenShift Pipelines | All versions |
Red Hat | OpenShift Pipelines | All versions |
Red Hat | OpenShift Pipelines | All versions |
Red Hat | OpenShift Serverless | All versions |
Red Hat | OpenShift Service Mesh 2 | All versions |
Red Hat | OpenShift Service Mesh 2 | All versions |
Red Hat | Red Hat 3scale API Management Platform 2 | All versions |
Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Ansible Automation Platform 2 | All versions |
Red Hat | Red Hat Ansible Automation Platform 2 | All versions |
Red Hat | Red Hat Ansible Automation Platform 2 | All versions |
Red Hat | Red Hat Ansible Automation Platform 2 | All versions |
Red Hat | Red Hat build of Apache Camel - HawtIO 4 | All versions |
Red Hat | Red Hat build of Apicurio Registry 2 | All versions |
Red Hat | Red Hat build of OptaPlanner 8 | All versions |
Red Hat | Red Hat Ceph Storage 7 | All versions |
Red Hat | Red Hat Ceph Storage 7 | All versions |
Red Hat | Red Hat Ceph Storage 7 | All versions |
Red Hat | Red Hat Ceph Storage 8 | All versions |
Red Hat | Red Hat Ceph Storage 8 | All versions |
Red Hat | Red Hat Ceph Storage 9 | All versions |
Red Hat | Red Hat Ceph Storage 9 | All versions |
Red Hat | Red Hat Data Grid 8 | All versions |
Red Hat | Red Hat Developer Hub | All versions |
Red Hat | Red Hat Discovery 1 | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 8 | All versions |
Red Hat | Red Hat Enterprise Linux 8 | All versions |
Red Hat | Red Hat Enterprise Linux 8 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Fuse 7 | All versions |
Red Hat | Red Hat Integration Camel K 1 | All versions |
Red Hat | Red Hat JBoss Enterprise Application Platform 7 | All versions |
Red Hat | Red Hat JBoss Enterprise Application Platform 8 | All versions |
Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift Container Platform 3.11 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Dev Spaces | All versions |
Red Hat | Red Hat OpenShift Dev Spaces | All versions |
Red Hat | Red Hat OpenShift Dev Spaces | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat Process Automation 7 | All versions |
Red Hat | Red Hat Quay 3 | All versions |
Red Hat | Red Hat Satellite 6 | All versions |
Red Hat | Red Hat Satellite 6 | All versions |
Red Hat | Red Hat Single Sign-On 7 | All versions |
Red Hat | Red Hat Trusted Profile Analyzer | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now