ГлавнаяУязвимости → CVE-2026-23736
7.3высокая

CVE-2026-23736

Описание

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.

Затрагиваемое ПО
Lxsmnsyc Seroval
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hj76-42vx-jwp4