PT-2026-3890 · Seroval · Seroval

Tweidinger · Published 2026-01-21 · Updated 2026-02-27 · CVE-2026-23957

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

seroval versions 1.4.0 and below

Description

seroval facilitates JavaScript value stringification, including complex structures beyond the capabilities of JSON.stringify. In affected versions, replacing encoded array lengths with excessively large values causes a significant increase in processing time during deserialization. This can lead to performance issues or potential denial-of-service conditions.

Recommendations

Update to version 1.4.1 or later. seroval no longer encodes array lengths; it computes length using Array.prototype.length during deserialization.
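
The difference between trusting an encoded length and using the real item count, as an added example that is not seroval's code. The node format (`t`, `l`, `a`), the function names and the sample payload are assumptions constructed for illustration.

```javascript
// Toy wire format, constructed for this example (NOT seroval's real encoding):
//   { t: "num", v: 1 }                  a number
//   { t: "arr", l: 3, a: [ ...nodes ] } an array carrying an encoded length "l"

// Pattern the advisory describes: the loop bound is the encoded length,
// which anyone who can edit the serialized payload controls.
function decodeTrustingLength(node, stats) {
  if (node.t === "num") return node.v;
  const out = [];
  for (let i = 0; i < node.l; i++) {
    stats.steps++; // work grows with the declared length, not the data
    if (i in node.a) out[i] = decodeTrustingLength(node.a[i], stats);
  }
  return out;
}

// Pattern of the fix: ignore any encoded length and use the real item count.
function decodeUsingActualLength(node, stats) {
  if (node.t === "num") return node.v;
  const items = Array.isArray(node.a) ? node.a : [];
  const out = [];
  for (let i = 0; i < items.length; i++) {
    stats.steps++; // work is bounded by the bytes actually received
    if (i in items) out[i] = decodeUsingActualLength(items[i], stats);
  }
  return out;
}

// Constructed payload: three real items, declared length inflated to 1e6.
const SAMPLE =
  '{"t":"arr","l":1000000,"a":[{"t":"num","v":1},{"t":"num","v":2},{"t":"num","v":3}]}';

// Decode the same payload both ways and report the loop iterations each needed.
function compare(json) {
  const trusting = { steps: 0 };
  const actual = { steps: 0 };
  const a = decodeTrustingLength(JSON.parse(json), trusting);
  const b = decodeUsingActualLength(JSON.parse(json), actual);
  return {
    trustingSteps: trusting.steps,
    actualSteps: actual.steps,
    sameValue: JSON.stringify(a) === JSON.stringify(b),
    value: b,
  };
}

console.log(compare(SAMPLE));
```

Both decoders return the same array; only the first one's cost scales with a number taken from the payload rather than with the payload's size.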

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2026-23957
GHSA-66FC-RW6M-C2Q6

Affected Products

Seroval