CVE-2024-11831 - Vulnerability Details

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Acm Advanced Cluster Security Ansible Automation Platform Apache Camel Hawtio Ceph Storage Cryostat Discovery Enterprise Linux Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Bpms Platform Jboss Fuse Jbosseapxp Logging Migration Toolkit Virtualization Openshift Openshift Ai Openshift Data Foundation Openshift Devspaces Openshift Distributed Tracing Openshift Lightspeed Openshift Pipelines Optaplanner Quay Red Hat 3scale Amp Red Hat Single Sign On Rhdh Rhel Dotnet Satellite Serverless Service Mesh Service Registry Trusted Profile Analyzer

No data.

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Security 4.4
advanced-cluster-security/rhacs-main-rhel8:4.4.8-2	cpe:/a:redhat:advanced_cluster_security:4.4::el8	RHSA-2025:1468	2025-02-13T00:00:00Z
Red Hat Advanced Cluster Security 4.5
advanced-cluster-security/rhacs-main-rhel8:4.5.6-2	cpe:/a:redhat:advanced_cluster_security:4.5::el8	RHSA-2025:1334	2025-02-11T00:00:00Z
Red Hat Enterprise Linux 9
dotnet8.0-0:8.0.112-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHBA-2025:0304	2025-01-14T00:00:00Z
RHODF-4.14-RHEL-9
odf4/ocs-client-console-rhel9:v4.14.18-2	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:8551	2025-06-04T00:00:00Z
odf4/odf-console-rhel9:v4.14.18-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:8551	2025-06-04T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.14.18-2	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:8551	2025-06-04T00:00:00Z
RHODF-4.15-RHEL-9
odf4/ocs-client-console-rhel9:v4.15.14-2	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:8544	2025-06-04T00:00:00Z
odf4/odf-console-rhel9:v4.15.14-2	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:8544	2025-06-04T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.14-2	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:8544	2025-06-04T00:00:00Z
RHODF-4.16-RHEL-9
odf4/ocs-client-console-rhel9:v4.16.10-4	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:8479	2025-06-04T00:00:00Z
odf4/odf-console-rhel9:v4.16.10-4	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:8479	2025-06-04T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.16.10-3	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:8479	2025-06-04T00:00:00Z
RHODF-4.17-RHEL-9
odf4/ocs-client-console-rhel9:v4.17.7-2	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:8059	2025-05-21T00:00:00Z
odf4/odf-console-rhel9:v4.17.7-2	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:8059	2025-05-21T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.17.7-2	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:8059	2025-05-21T00:00:00Z
RHODF-4.18-RHEL-9
odf4/ocs-client-console-rhel9:v4.18.2-8	cpe:/a:redhat:openshift_data_foundation:4.18::el9	RHSA-2025:4511	2025-05-06T00:00:00Z
odf4/odf-console-rhel9:v4.18.2-7	cpe:/a:redhat:openshift_data_foundation:4.18::el9	RHSA-2025:4511	2025-05-06T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.18.2-8	cpe:/a:redhat:openshift_data_foundation:4.18::el9	RHSA-2025:4511	2025-05-06T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHBA-2025:0304
https://access.redhat.com/errata/RHSA-2025:1334
https://access.redhat.com/errata/RHSA-2025:1468
https://access.redhat.com/errata/RHSA-2025:4511
https://access.redhat.com/errata/RHSA-2025:8059
https://access.redhat.com/errata/RHSA-2025:8479
https://access.redhat.com/errata/RHSA-2025:8544
https://access.redhat.com/errata/RHSA-2025:8551
https://access.redhat.com/security/cve/CVE-2024-11831
https://bugzilla.redhat.com/show_bug.cgi?id=2312579
https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
https://github.com/yahoo/serialize-javascript/pull/173
https://nvd.nist.gov/vuln/detail/CVE-2024-11831
https://www.cve.org/CVERecord?id=CVE-2024-11831

History

Thu, 23 Oct 2025 05:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ceph_storage:9

Wed, 08 Oct 2025 15:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Wed, 01 Oct 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Wed, 20 Aug 2025 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ceph Storage
CPEs		cpe:/a:redhat:ceph_storage:7 cpe:/a:redhat:ceph_storage:8
Vendors & Products		Redhat ceph Storage

Wed, 18 Jun 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat apache Camel Hawtio
CPEs	~~cpe:/a:redhat:rhboac_hawtio:4~~	cpe:/a:redhat:apache_camel_hawtio:4
Vendors & Products	Redhat rhboac Hawtio	Redhat apache Camel Hawtio

Wed, 04 Jun 2025 23:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.14::el9
References		https://access.redhat.com/errata/RHSA-2025:8551

Wed, 04 Jun 2025 20:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.15::el9
References		https://access.redhat.com/errata/RHSA-2025:8544

Wed, 04 Jun 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.16::el9
References		https://access.redhat.com/errata/RHSA-2025:8479

Wed, 21 May 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:8059

Wed, 21 May 2025 05:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Tue, 06 May 2025 07:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift_data_foundation:4~~	cpe:/a:redhat:openshift_data_foundation:4.18::el9
References		https://access.redhat.com/errata/RHSA-2025:4511

Fri, 25 Apr 2025 03:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Thu, 24 Apr 2025 12:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
References		https://access.redhat.com/errata/RHBA-2025:0304

Thu, 10 Apr 2025 04:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/a:redhat:build_keycloak: cpe:/a:redhat:migration_toolkit_applications:7
Vendors & Products	Redhat build Keycloak Redhat migration Toolkit Applications

Thu, 27 Feb 2025 20:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:discovery:1.0::el8~~	cpe:/a:redhat:discovery:1

Thu, 13 Feb 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:advanced_cluster_security:4.4::el8
References		https://access.redhat.com/errata/RHSA-2025:1468

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-11831 https://www.cve.org/CVERecord?id=CVE-2024-11831
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 11 Feb 2025 21:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:advanced_cluster_security:4.5::el8
References		https://access.redhat.com/errata/RHSA-2025:1334

Mon, 10 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 10 Feb 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Title		Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
First Time appeared		Redhat Redhat acm Redhat advanced Cluster Security Redhat ansible Automation Platform Redhat build Keycloak Redhat cryostat Redhat discovery Redhat enterprise Linux Redhat integration Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat logging Redhat migration Toolkit Applications Redhat migration Toolkit Virtualization Redhat openshift Redhat openshift Ai Redhat openshift Data Foundation Redhat openshift Devspaces Redhat openshift Distributed Tracing Redhat openshift Lightspeed Redhat openshift Pipelines Redhat optaplanner Redhat quay Redhat red Hat 3scale Amp Redhat red Hat Single Sign On Redhat rhboac Hawtio Redhat rhdh Redhat rhel Dotnet Redhat satellite Redhat serverless Redhat service Mesh Redhat service Registry Redhat trusted Profile Analyzer
Weaknesses		CWE-79
CPEs		cpe:/a:redhat:acm:2 cpe:/a:redhat:advanced_cluster_security:4 cpe:/a:redhat:ansible_automation_platform:2 cpe:/a:redhat:build_keycloak: cpe:/a:redhat:cryostat:3 cpe:/a:redhat:discovery:1.0::el8 cpe:/a:redhat:integration:1 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:logging:5 cpe:/a:redhat:migration_toolkit_applications:7 cpe:/a:redhat:migration_toolkit_virtualization:2 cpe:/a:redhat:openshift:3.11 cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift_ai cpe:/a:redhat:openshift_data_foundation:4 cpe:/a:redhat:openshift_devspaces:3: cpe:/a:redhat:openshift_distributed_tracing:3 cpe:/a:redhat:openshift_lightspeed cpe:/a:redhat:openshift_pipelines:1 cpe:/a:redhat:optaplanner:::el6 cpe:/a:redhat:quay:3 cpe:/a:redhat:red_hat_3scale_amp:2 cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/a:redhat:rhboac_hawtio:4 cpe:/a:redhat:rhdh:1 cpe:/a:redhat:rhel_dotnet:6.0 cpe:/a:redhat:satellite:6 cpe:/a:redhat:serverless:1 cpe:/a:redhat:service_mesh:2 cpe:/a:redhat:service_registry:2 cpe:/a:redhat:trusted_profile_analyzer:1 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat acm Redhat advanced Cluster Security Redhat ansible Automation Platform Redhat build Keycloak Redhat cryostat Redhat discovery Redhat enterprise Linux Redhat integration Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat logging Redhat migration Toolkit Applications Redhat migration Toolkit Virtualization Redhat openshift Redhat openshift Ai Redhat openshift Data Foundation Redhat openshift Devspaces Redhat openshift Distributed Tracing Redhat openshift Lightspeed Redhat openshift Pipelines Redhat optaplanner Redhat quay Redhat red Hat 3scale Amp Redhat red Hat Single Sign On Redhat rhboac Hawtio Redhat rhdh Redhat rhel Dotnet Redhat satellite Redhat serverless Redhat service Mesh Redhat service Registry Redhat trusted Profile Analyzer
References		https://access.redhat.com/security/cve/CVE-2024-11831 https://bugzilla.redhat.com/show_bug.cgi?id=2312579 https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e https://github.com/yahoo/serialize-javascript/pull/173
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-02-10T15:27:46.732Z

Updated: 2025-10-23T04:53:26.355Z

Reserved: 2024-11-26T18:56:38.187Z

Link: CVE-2024-11831

Vulnrichment

Updated: 2025-02-10T17:08:38.463Z

NVD

Status : Awaiting Analysis

Published: 2025-02-10T16:15:37.080

Modified: 2025-06-04T23:15:20.670

Link: CVE-2024-11831

Redhat

Severity : Moderate

Publid Date: 2024-09-16T00:00:00Z

Links: CVE-2024-11831 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object