CVE-2017-5954: Code Execution Through IIFE

February 10, 2017 (updated March 13, 2017)

Passing untrusted data to the .deserialize function can cause arbitrary code execution through an Immediately Invoked Function Expression (IIFE).

References

github.com/commenthol/serialize-to-js/commit/1cd433960e5b9db4c0b537afb28366198a319429
www.npmjs.com/package/serialize-to-js

Code Behaviors & Features

Detect and mitigate CVE-2017-5954 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →