Lxsmnsyc

**Name of the Vulnerable Software and Affected Versions** Seroval versions 1.4.0 and below **Description** Seroval allows JavaScript value stringification, including complex structures beyond the capabilities of JSON.stringify. In versions 1.4.0 and below, serializing objects with significant depth can cause a maximum call stack limit error. Version 1.4.1 introduces a `depthLimit` parameter in serialization/deserialization methods, which throws an error if the depth limit is exceeded. **Recommendations** Update to version 1.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** seroval versions 1.4.0 and below **Description** seroval provides JavaScript value stringification, handling complex structures beyond the capabilities of JSON.stringify. A flaw in input validation in versions 1.4.0 and below can lead to prototype pollution during JSON deserialization when processing malicious object keys. This issue specifically impacts the JSON deserialization functionality. **Recommendations** Update to version 1.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** seroval versions 1.4.0 and below **Description** seroval is a JavaScript library that facilitates value stringification, including complex structures. In versions 1.4.0 and below, overriding RegExp serialization with excessively large patterns can exhaust JavaScript runtime memory during deserialization. Overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). Catastrophic backtracking is a condition where a regular expression engine takes an extremely long time to complete its search due to the structure of the pattern. **Recommendations** Configure `disabledFeatures` to disable RegExp serialization entirely.