All vulnerabilities affecting version 1.2.0 of the package
Cross-Site Scripting in serialize-to-js
Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions, so its output is unsafe to embed in an HTML page. This vulnerability does not affect Node.js applications.
Upgrade to version 3.0.1 or later.
Denial of Service in serialize-to-js
Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, so an attacker can supply input that makes the serializer loop indefinitely.
Upgrade to version 2.0.0 or later.
Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to a sandbox escape leading to Remote Code Execution. The sandbox can be escaped by forcing exceptions recursively in the evaluated code, which may allow an attacker to execute arbitrary code on the system.
The package is not suited to receive arbitrary user input. Consider using an alternative package.
Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to a sandbox escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input, which may allow attackers to execute arbitrary code on the system.
The package is not meant to receive user input. Consider using an alternative package until a fix is made available.