Tomeraberbach

#34613de 53,639
7.5 CVSS total
Vulnerabilities · 1
PT-2026-28596
7.5
2026-03-27
Unknown · Serialize-Javascript · CVE-2026-34043
**Name of the Vulnerable Software and Affected Versions**

serialize-javascript versions prior to 7.0.5

**Description**

This issue is a Denial of Service (DoS) caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object inheriting from `Array.prototype` with a very large `length` property), the process enters an intensive loop, consuming 100% CPU and hanging indefinitely. The vulnerability occurs when the `serialize()` function is called on untrusted or user-controlled objects. The issue is exacerbated if the application is also vulnerable to Prototype Pollution or handles untrusted data via YAML deserialization, as either could be used to inject the malicious object. The problem was addressed by replacing `instanceof Array` checks with `Array.isArray()` and using `Object.keys()` for sparse array detection.

**Recommendations**

Upgrade to version 7.0.5 or later.
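As an added illustration (not code from serialize-javascript or from the advisory), the following JavaScript contrasts the `instanceof Array` guard with `Array.isArray()` and uses `Object.keys()` for sparse detection, exercised on a real array, a sparse array, and a constructed array-like object of the kind the advisory describes. The function names, the `budget` cap that keeps the demo from hanging, and all sample inputs are this example's own assumptions.

```javascript
// Added example, not the library's code. Shows why `instanceof Array` is an
// unsafe guard for length-driven iteration and how `Array.isArray()` plus
// `Object.keys()` behave on dense, sparse and "array-like" inputs.

// Constructed test fixture: inherits from Array.prototype, so `instanceof Array`
// is true, but it is not a real array. It holds no elements, only a `length`.
function makeArrayLike(length) {
  const obj = Object.create(Array.prototype);
  obj.length = length; // own data property; nothing is allocated
  return obj;
}

// Pre-fix style guard (the pattern the advisory says was replaced):
// accepts anything with Array.prototype on its chain.
function looksLikeArrayLegacy(value) {
  return value instanceof Array;
}

// Hardened guard: Array.isArray() is true only for genuine Array objects,
// regardless of the prototype chain.
function isRealArray(value) {
  return Array.isArray(value);
}

// Sparse detection via Object.keys(): a dense array exposes one own
// enumerable key per index, so a count that differs from `length` means
// holes, extra properties, or a fake `length` on a non-array.
function isSparse(value) {
  return Object.keys(value).length !== value.length;
}

// A serializer that walks `length` slots. `guard` decides whether the value
// may be iterated at all; `budget` bounds the work so this demo never spins.
// Returns JSON text, or throws when the guard or budget rejects the input.
function serializeWithGuard(value, guard, budget = 10000) {
  if (!guard(value)) {
    throw new TypeError('not a real array: refusing to iterate by length');
  }
  if (value.length > budget) {
    throw new RangeError(`length ${value.length} exceeds budget ${budget}`);
  }
  const out = [];
  for (let i = 0; i < value.length; i++) {
    // Holes read back as undefined; emit null so the output stays valid JSON.
    out.push(JSON.stringify(value[i] === undefined ? null : value[i]));
  }
  return '[' + out.join(',') + ']';
}

// Summarise how each guard classifies a value.
function classify(value) {
  return {
    legacy: looksLikeArrayLegacy(value),
    hardened: isRealArray(value),
    sparse: isSparse(value),
  };
}

// Usage: the legacy guard lets the hostile object through and only the budget
// stops it; the hardened guard rejects it before any iteration happens.
const hostile = makeArrayLike(1e9);
console.log('dense  ', classify([1, 2, 3]));
console.log('sparse ', classify([1, , 3]));
console.log('hostile', classify(hostile));
```

With the legacy guard the array-like fixture passes the type check and the loop bound is taken straight from the attacker-controlled `length`; with `Array.isArray()` the same object is rejected up front, which is the behaviour the 7.0.5 fix restores.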