CVE-2020-7660 (High) detected in serialize-javascript-2.1.2.tgz, serialize-javascript-1.6.1.tgz

## CVE-2020-7660 - High Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - serialize-javascript-2.1.2.tgz, serialize-javascript-1.6.1.tgz</summary>


<details><summary>serialize-javascript-2.1.2.tgz</summary>

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: <a href="https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz">https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz</a>
Path to dependency file: /package.json
Path to vulnerable library: /package.json


Dependency Hierarchy:
 - build-angular-0.1100.0-rc.1.tgz (Root Library)
 - webpack-4.44.2.tgz
 - terser-webpack-plugin-1.4.3.tgz
 - :x: **serialize-javascript-2.1.2.tgz** (Vulnerable Library)
</details>
<details><summary>serialize-javascript-1.6.1.tgz</summary>

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: <a href="https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.6.1.tgz">https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.6.1.tgz</a>
Path to dependency file: /integration/side-effects/package.json
Path to vulnerable library: /integration/side-effects/package.json


Dependency Hierarchy:
 - check-side-effects-0.0.21.tgz (Root Library)
 - rollup-plugin-terser-4.0.4.tgz
 - :x: **serialize-javascript-1.6.1.tgz** (Vulnerable Library)
</details>

Found in HEAD commit: <a href="https://github.com/turkdevops/angular/commit/c6aca37f442da8c55a02d7c53ccc58100ab004f3">c6aca37f442da8c55a02d7c53ccc58100ab004f3</a>
Found in base branch: labs/router

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20> Vulnerability Details</summary>
 
 
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Publish Date: 2020-06-01
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2020-7660>CVE-2020-7660</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (8.1)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: High
 - Privileges Required: None
 - User Interaction: None
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: High
 - Integrity Impact: High
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660</a>
Release Date: 2020-06-08
Fix Resolution (serialize-javascript): 3.1.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.1100.0Fix Resolution (serialize-javascript): 3.1.0
Direct dependency fix Resolution (check-side-effects): 0.0.23


</details>


***
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2020-7660 (High) detected in serialize-javascript-2.1.2.tgz, serialize-javascript-1.6.1.tgz #68

CVE-2020-7660 - High Severity Vulnerability

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2020-7660 (High) detected in serialize-javascript-2.1.2.tgz, serialize-javascript-1.6.1.tgz #68

Description

CVE-2020-7660 - High Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions