CVE-2026-24006

{"id": "CVE-2026-24006", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-01-22T03:15:47.933", "references": [{"url": "https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3j22-8qj3-26mx", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0\nand below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a `depthLimit` parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached."}, {"lang": "es", "value": "Seroval facilita la serializaci\u00f3n de valores JS, incluyendo estructuras complejas m\u00e1s all\u00e1 de las capacidades de JSON.stringify. En las versiones 1.4.0 y anteriores, la serializaci\u00f3n de objetos con una profundidad extrema puede exceder el l\u00edmite m\u00e1ximo de la pila de llamadas. En la versi\u00f3n 1.4.1, Seroval introduce un par\u00e1metro 'depthLimit' en los m\u00e9todos de serializaci\u00f3n/deserializaci\u00f3n. Se lanzar\u00e1 un error si se alcanza el l\u00edmite de profundidad."}], "lastModified": "2026-04-06T13:51:37.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lxsmnsyc:seroval:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "85760E40-9AB1-40EB-98A1-D1A4411AAFC5", "versionEndExcluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}