Denial of Service Vulnerability in serialize-to-js through 1.1.1

Denial of Service Vulnerability in serialize-to-js through 1.1.1

CVE-2017-15871 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file

Learn more about our Web Application Penetration Testing UK.