← Voltar para CVEs
CVE-2026-23956
HIGH7.5
Descricao
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). This issue has been fixed in version 1.4.1.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/22/2026
Ultima modificacao2/27/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
lxsmnsyc:seroval
Fraquezas (CWE)
CWE-1333
Referencias
https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060(security-advisories@github.com)
https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.