Asymmetric denial of service - ReDoS In serialize-javascript
Description
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 npm | 7.0.5 | ||
 rpm rhel8 | - | - | |
rpm rhel9 | 0:8.0.127-1.el9_8 | ||
rpm rhel10 | 0:8.0.127-1.el10_2 | ||
rpm rhel8 | 0:8.0.127-1.el8_10 | ||
 debian 13 | - | ||
debian 12 | - | ||
debian 11 | - | ||
debian 14 | 7.0.5+~5.0.4-1 | ||
rpm rhel9 | - | - |
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2. 3. 4.