CVE-2019-16772

Name of the Vulnerable Software and Affected Versions serialize-to-js versions prior to 3.0.1

Description The issue arises from the improper handling of unsafe characters in serialized regular expressions, leading to Cross-site Scripting (XSS). This problem does not affect Node.js applications due to Node.js's implementation of RegExp.prototype.toString(), which backslash-escapes all forward slashes in regular expressions. The vulnerability is relevant when serialized data of regular expression objects are used in environments other than Node.js.

Recommendations Upgrade to version 3.0.1 or later.