Vulnerability Information
Vulnerability Title
seroval affected by Denial of Service via RegExp serialization
Vulnerability Description
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). This issue has been fixed in version 1.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
seroval security vulnerability
Vulnerability Description
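seroval is a formatting library for JavaScript by individual developer Alexis H. Munsayac. seroval 1.4.0 and earlier contain a security vulnerability: deserializing a specially crafted RegExp may exhaust memory or cause a regular expression denial of service.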
CVSS Information
N/A
Vulnerability Type
N/A