VDB
RHSA-2025%3A10853
RHSA-2025%3A10853
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:554d5e5caa71eb4fa3c5d4794333c4484a77d06e4d7d6d095edd18b3312a700e_ppc64le as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:554d5e5caa71eb4fa3c5d4794333c4484a77d06e4d7d6d095edd18b3312a700e_ppc64le |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:576f23209d8bc4743c33d6c432bafddf6f68585ccd9dd4fc5620752cc717bf46_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-manual-approval-gate-controller-rhel9@sha256:576f23209d8bc4743c33d6c432bafddf6f68585ccd9dd4fc5620752cc717bf46_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:7dee5051af38db4d7d720663c8f1567a528bccc2277fcf96a2113b286e277746_amd64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:7dee5051af38db4d7d720663c8f1567a528bccc2277fcf96a2113b286e277746_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:b8257faa84459bbcc33ea9068719134c29d4b780692d8cc4155dc5f23d6c686d_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:b8257faa84459bbcc33ea9068719134c29d4b780692d8cc4155dc5f23d6c686d_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:c30d516cec94618d64ce9036cac487d30a062103ddf67acf6fb39c04102c9813_ppc64le as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:c30d516cec94618d64ce9036cac487d30a062103ddf67acf6fb39c04102c9813_ppc64le |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:ea4a7d04c1d031913a75751420f03c7fbe166a7340d9eaeae52406a4ccc5f705_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:ea4a7d04c1d031913a75751420f03c7fbe166a7340d9eaeae52406a4ccc5f705_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:f4836de3b443052fa10f0ef3a21156a7971cda3e08e0bf73b563d9739896b1ff_amd64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel9@sha256:f4836de3b443052fa10f0ef3a21156a7971cda3e08e0bf73b563d9739896b1ff_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:e22a8ae4382a439e684362bca6dc4c70eab2b35c26cd65b14e7e8e0880cede69_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel9@sha256:574ed06de9bb91d91095574575d7262885c483b0bd3a1107cbb137f3d3a55fdf_s390x as a component of Red Hat OpenShift Pipelines 1.19 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:3e25fd3ea0220630c7530a9eca4e15646a63b9130ac65ba4b5295f593f532bd5_ppc64le as a component of Red Hat OpenShift Pipelines 1.19 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:b201b70df4dd8e0a95256a2faf098944f4d7eb7c9816438ae65f43be9791f047_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9@sha256:b201b70df4dd8e0a95256a2faf098944f4d7eb7c9816438ae65f43be9791f047_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:cdce4cec209f4dedce4ed6f33fbb952451f899b0b86b6b54b6c701f30ee34696_amd64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:cdce4cec209f4dedce4ed6f33fbb952451f899b0b86b6b54b6c701f30ee34696_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:9df71daf1b532e4ca4c43c965210567a844725d6b9d84b2288ef0e02f0096d9c_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f647b2fbcecaa97bc36964597c1d2a6ab7b5b407a4b3bd39fa9e2de5aeb020d6_ppc64le as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel9@sha256:f647b2fbcecaa97bc36964597c1d2a6ab7b5b407a4b3bd39fa9e2de5aeb020d6_ppc64le |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel9@sha256:4acdbbb940083c0f4e3af524383e24f410a93a9bac32e67714d682142de36e1f_amd64 as a component of Red Hat OpenShift Pipelines 1.19 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:cecde5e2c8e69d52a740cc72c6d07993a26fb218c3bfd1acbd2fd8a730c5116d_amd64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:cecde5e2c8e69d52a740cc72c6d07993a26fb218c3bfd1acbd2fd8a730c5116d_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:54d4ac4dd872a48ccf057260a3abb8a984a03676ecf34583521dee3414ab04ad_amd64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-cache-rhel9@sha256:54d4ac4dd872a48ccf057260a3abb8a984a03676ecf34583521dee3414ab04ad_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9@sha256:ca04fa9ff04b7d1b97d52ef3d406c86d4d8691b8f551ea0389aeaf1288e48f10_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:b74d2ee54245d57ce4b9a64457df4c592d13f17a19342a15a9a5b804a8ed391c_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:b74d2ee54245d57ce4b9a64457df4c592d13f17a19342a15a9a5b804a8ed391c_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:2ce0f317c1cc9cc6e2133f2eaddfe898d964af5226e9086cac25158aed62945f_arm64 as a component of Red Hat OpenShift Pipelines 1.19 | registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:2ce0f317c1cc9cc6e2133f2eaddfe898d964af5226e9086cac25158aed62945f_arm64 |
…and 212 more
Timeline
- Jul 14, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:10853 advisory
- https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://access.redhat.com/security/cve/cve-2024-21536 advisory
- https://access.redhat.com/security/cve/cve-2024-11831 advisory
- https://access.redhat.com/security/cve/cve-2024-48949 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10853.json advisory
- https://access.redhat.com/security/cve/CVE-2024-11831 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2312579 issue
- https://www.cve.org/CVERecord?id=CVE-2024-11831 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-11831 advisory
- https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e advisory
- https://github.com/yahoo/serialize-javascript/pull/173 advisory
- https://access.redhat.com/security/cve/CVE-2024-21536 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2319884 issue
- https://www.cve.org/CVERecord?id=CVE-2024-21536 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-21536 advisory
- https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a advisory
- https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5 advisory
- https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22 advisory
…and 7 more