CVE-2026-23957

{"id": "CVE-2026-23957", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-01-22T02:15:52.470", "references": [{"url": "https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0\nand below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. This issue has been fixed in version 1.4.1."}, {"lang": "es", "value": "seroval facilita la serializaci\u00f3n de valores JS, incluyendo estructuras complejas m\u00e1s all\u00e1 de las capacidades de JSON.stringify. En las versiones 1.4.0 e inferiores, la anulaci\u00f3n de las longitudes de arrays codificados al reemplazarlas con un valor excesivamente grande provoca que el proceso de deserializaci\u00f3n aumente significativamente el tiempo de procesamiento. Este problema ha sido solucionado en la versi\u00f3n 1.4.1."}], "lastModified": "2026-04-06T13:51:20.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lxsmnsyc:seroval:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "85760E40-9AB1-40EB-98A1-D1A4411AAFC5", "versionEndExcluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}