216.73.216.215

CVE-2026-24006

· Published 22/01/2026 03:15 · Modified 22/01/2026 03:15

Labels: CVE-2026-24006 2026-01-22CVE-2026-24006CWE-770[email protected]

Essential information

Published
22/01/2026 03:15
Modified
22/01/2026 03:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a `depthLimit` parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
seroval / seroval cpe:2.3:a:seroval:seroval:1.4.0:*:*:*:*:*:*:*
seroval / seroval cpe:2.3:a:seroval:seroval:1.4.1:*:*:*:*:*:*:*

References