CVE-2024-11831
npm-serialize-javascript: Cross-site scripting (XSS) in serialize-javascript
CVSS Score
5.4
EPSS Score
1.1%
EPSS Percentile
78th
A flaw was found in npm-serialize-javascript. The serialize-javascript module does not properly sanitize certain inputs, such as regular expressions or other JavaScript object types, allowing an attacker to inject malicious code into the serialized output. That code could be executed when the output is deserialized by a web browser, resulting in cross-site scripting (XSS). The issue is critical in environments where serialized data is sent to web clients, as it can compromise the security of the website or web application using this package.
| CWE | CWE-79 |
| Published | Feb 10, 2025 |
| Last Updated | Apr 17, 2026 |
CVSS v3 Breakdown
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | Low |
| Availability | None |
Affected Versions
| Red Hat / Red Hat Advanced Cluster Security 4.4 | All versions affected |
| Red Hat / Red Hat Advanced Cluster Security 4.5 | All versions affected |
| Red Hat / Red Hat Ceph Storage 7.1 | All versions affected |
| Red Hat / Red Hat Ceph Storage 8.1 | All versions affected |
| Red Hat / Red Hat Ceph Storage 9.0 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9 | All versions affected |
| Red Hat / RHODF-4.14-RHEL-9 | All versions affected |
| Red Hat / RHODF-4.15-RHEL-9 | All versions affected |
| Red Hat / RHODF-4.16-RHEL-9 | All versions affected |
| Red Hat / RHODF-4.17-RHEL-9 | All versions affected |
| Red Hat / RHODF-4.18-RHEL-9 | All versions affected |
| Red Hat / Red Hat Ceph Storage 8 | All versions affected |
| Red Hat / Red Hat Ceph Storage 9 | All versions affected |
| Red Hat / Red Hat OpenShift Pipelines 1.14.6 | All versions affected |
| Red Hat / Red Hat OpenShift Pipelines 1.15 | All versions affected |
| Red Hat / Red Hat OpenShift Pipelines 1.16 | All versions affected |
| Red Hat / Red Hat OpenShift Pipelines 1.17 | All versions affected |
| Red Hat / Red Hat OpenShift Pipelines 1.18.0 | All versions affected |
| Red Hat / Red Hat OpenShift Pipelines 1.19 | All versions affected |
| Red Hat / Cryostat 3 | All versions affected |
| Red Hat / Logging Subsystem for Red Hat OpenShift | All versions affected |
| Red Hat / Migration Toolkit for Virtualization | All versions affected |
| Red Hat / .NET 6.0 on Red Hat Enterprise Linux | All versions affected |
| Red Hat / OpenShift Lightspeed | All versions affected |
| Red Hat / OpenShift Pipelines | All versions affected |
| Red Hat / OpenShift Serverless | All versions affected |
| Red Hat / OpenShift Service Mesh 2 | All versions affected |
| Red Hat / Red Hat 3scale API Management Platform 2 | All versions affected |
| Red Hat / Red Hat Advanced Cluster Management for Kubernetes 2 | All versions affected |
| Red Hat / Red Hat Advanced Cluster Security 4 | All versions affected |
| Red Hat / Red Hat Ansible Automation Platform 2 | All versions affected |
| Red Hat / Red Hat build of Apache Camel - HawtIO 4 | All versions affected |
| Red Hat / Red Hat build of Apicurio Registry 2 | All versions affected |
| Red Hat / Red Hat build of OptaPlanner 8 | All versions affected |
| Red Hat / Red Hat Ceph Storage 7 | All versions affected |
| Red Hat / Red Hat Data Grid 8 | All versions affected |
| Red Hat / Red Hat Developer Hub | All versions affected |
| Red Hat / Red Hat Discovery 1 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 10 | All versions affected |
| Red Hat / Red Hat Fuse 7 | All versions affected |
| Red Hat / Red Hat Integration Camel K 1 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 7 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 8 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack | All versions affected |
| Red Hat / Red Hat OpenShift AI (RHOAI) | All versions affected |
| Red Hat / Red Hat OpenShift Container Platform 3.11 | All versions affected |
| Red Hat / Red Hat OpenShift Container Platform 4 | All versions affected |
| Red Hat / Red Hat OpenShift Dev Spaces | All versions affected |
| Red Hat / Red Hat OpenShift distributed tracing 3 | All versions affected |
| Red Hat / Red Hat Process Automation 7 | All versions affected |
| Red Hat / Red Hat Quay 3 | All versions affected |
| Red Hat / Red Hat Satellite 6 | All versions affected |
| Red Hat / Red Hat Single Sign-On 7 | All versions affected |
| Red Hat / Red Hat Trusted Profile Analyzer | All versions affected |
References
access.redhat.com: https://access.redhat.com/errata/RHBA-2025:0304
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0381
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10853
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1334
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1468
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21068
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21203
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:3870
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4511
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8059
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8078
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8233
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8479
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8512
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8544
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8551
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9294
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1536
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2769
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8568
access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-11831
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2312579
github.com: https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
github.com: https://github.com/yahoo/serialize-javascript/pull/173