OR
     *cpe:2.3:a:verizon:serialize-javascript:*:*:*:*:*:*:*:* versions up to (excluding) 2.1.1

OR
     *cpe:2.3:a:verizon:serialize-javascript:*:*:*:*:*:node.js:*:* versions up to (excluding) 2.1.1

NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

NIST AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

OR
     *cpe:2.3:a:verizon:serialize-javascript:*:*:*:*:*:*:*:* versions up to (excluding) 2.1.1

NIST (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Victim must voluntarily interact with attack mechanism

NIST AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

NIST CWE-79

https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx No Types Assigned

https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx Third Party Advisory

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulne