VDB
RHSA-2025%3A8233
RHSA-2025%3A8233
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:bc7b065877324cfad1e58f554b31c98c7dcf0d33a45ca1b1d6b399b04ada0296_s390x as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:bc7b065877324cfad1e58f554b31c98c7dcf0d33a45ca1b1d6b399b04ada0296_s390x |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:7d1bc69d4eea7ec4e0e437e619ad6bd69252a3c36084ab0f9dd1e23e6201e58a_arm64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:7d1bc69d4eea7ec4e0e437e619ad6bd69252a3c36084ab0f9dd1e23e6201e58a_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:864a0ebb9468872d6063514830a116cfa3b0bec14f28f9a7601801ee49c7af06_ppc64le as a component of Red Hat OpenShift Pipelines 1.18.0 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:4f9085bc428944a03c886c026154c00d5c1d2aadf5015bd1bef7282999804a32_amd64 as a component of Red Hat OpenShift Pipelines 1.18.0 | * |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:484398c5cb2ce7b6a007ca8b6b572b5d9555190244598e1cddb2b2cca8775fd8_s390x as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:484398c5cb2ce7b6a007ca8b6b572b5d9555190244598e1cddb2b2cca8775fd8_s390x |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:e338859b9d98f0578b9cb73f928374fdedb11b117a37d3ba8996b15c6cb28b6e_s390x as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel9@sha256:e338859b9d98f0578b9cb73f928374fdedb11b117a37d3ba8996b15c6cb28b6e_s390x |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:294c23a3c2eb5f4fc3e3f459e7ec4ffd39ee93a5dbc1cd6815ece6f11f0b00b9_s390x as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:294c23a3c2eb5f4fc3e3f459e7ec4ffd39ee93a5dbc1cd6815ece6f11f0b00b9_s390x |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:f64ce1513d4a4c3cee8b3aa18cab9b85b549d33c373752a1a4fa6e75a3d7ac99_amd64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9@sha256:f64ce1513d4a4c3cee8b3aa18cab9b85b549d33c373752a1a4fa6e75a3d7ac99_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:11f8a9647be2a9768a4925fce0f747a1851d8844799eb94534bb4bf3f30789e3_s390x as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel9@sha256:11f8a9647be2a9768a4925fce0f747a1851d8844799eb94534bb4bf3f30789e3_s390x |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:1ed411f68cba53ab0658df782d97917fc45752050c185fbfa9a59af4f67feca1_amd64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel9@sha256:1ed411f68cba53ab0658df782d97917fc45752050c185fbfa9a59af4f67feca1_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:363282213bab164327677a193f1053094b112395781b972e8e708803febd91a6_arm64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel9@sha256:363282213bab164327677a193f1053094b112395781b972e8e708803febd91a6_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:8b44ee10cba6dfaad0d8128d2e6162088bc9462772244675a5577c0311a443d8_arm64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:8b44ee10cba6dfaad0d8128d2e6162088bc9462772244675a5577c0311a443d8_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:63d93a67a24be3eeb0152af001227c4e6e5c11e7d7687b64b58cae5b9e567581_arm64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel9@sha256:63d93a67a24be3eeb0152af001227c4e6e5c11e7d7687b64b58cae5b9e567581_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:8b44ee10cba6dfaad0d8128d2e6162088bc9462772244675a5577c0311a443d8_arm64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:8b44ee10cba6dfaad0d8128d2e6162088bc9462772244675a5577c0311a443d8_arm64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:5b65f197b3f0c985bf04c2308f71ae940f7f4547a3236c6eba57a7f3271ca9cf_amd64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:5b65f197b3f0c985bf04c2308f71ae940f7f4547a3236c6eba57a7f3271ca9cf_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:864a0ebb9468872d6063514830a116cfa3b0bec14f28f9a7601801ee49c7af06_ppc64le as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel9@sha256:864a0ebb9468872d6063514830a116cfa3b0bec14f28f9a7601801ee49c7af06_ppc64le |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:0ddf1344d4eb526cfaf059ecab4de2805250ad926afd3c10a98e2e2335afda31_amd64 as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel9@sha256:0ddf1344d4eb526cfaf059ecab4de2805250ad926afd3c10a98e2e2335afda31_amd64 |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:614b49fc9f92d900fb74a66f776fe89e4be2e54940098f43f5f0699dc97a6f17_s390x as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-results-retention-policy-agent-rhel9@sha256:614b49fc9f92d900fb74a66f776fe89e4be2e54940098f43f5f0699dc97a6f17_s390x |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:9123f46e349f6ac594befbd816c6c29c107383d415a872e0e9a2126b3a9107a6_ppc64le as a component of Red Hat OpenShift Pipelines 1.18.0 | registry.redhat.io/openshift-pipelines/pipelines-nop-rhel9@sha256:9123f46e349f6ac594befbd816c6c29c107383d415a872e0e9a2126b3a9107a6_ppc64le |
| Red Hat | registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel9@sha256:352a776c09b3ae375d32e9612e6ee2b351764ad712bd79fbc926f158964a4df9_arm64 as a component of Red Hat OpenShift Pipelines 1.18.0 | * |
…and 204 more
Timeline
- May 27, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:8233 advisory
- https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://access.redhat.com/security/cve/cve-2024-21536 advisory
- https://access.redhat.com/security/cve/cve-2024-48949 advisory
- https://access.redhat.com/security/cve/cve-2024-11831 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8233.json advisory
- https://access.redhat.com/security/cve/CVE-2024-11831 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2312579 issue
- https://www.cve.org/CVERecord?id=CVE-2024-11831 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-11831 advisory
- https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e advisory
- https://github.com/yahoo/serialize-javascript/pull/173 advisory
- https://access.redhat.com/security/cve/CVE-2024-21536 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2319884 issue
- https://www.cve.org/CVERecord?id=CVE-2024-21536 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-21536 advisory
- https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a advisory
- https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5 advisory
- https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22 advisory
…and 7 more