ajinabraham.njsscan.eval_deserialize.serializetojs_deserialize

Download count: 1,129
User-controlled data passed to an 'unserialize()' or 'deserialize()' function can result in object injection or remote code injection.
Definition
rules:
  - id: serializetojs_deserialize
    patterns:
      - pattern-inside: |
          require('serialize-to-js')
          ...
      - pattern: |
          $X.deserialize(...)
    message: User controlled data in 'unserialize()' or 'deserialize()' function can result in Object Injection or Remote Code Injection.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a8
      cwe: cwe-502
      license: LGPL-3.0-or-later
Short Link: https://sg.run/8yXB
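As an added illustration (not code from this rule page or from njsscan), the plain Node script below mimics the rule's two patterns on constructed sample sources, so you can see which lines the rule keys on and why a same-named call from another module is not reported; `findDeserializeCalls`, `FLAGGED` and `NOT_FLAGGED` are names chosen here.

```javascript
// Added example: a text-based (not AST-based) approximation of the rule.
// It mirrors the two patterns: a require('serialize-to-js') earlier in the
// file (pattern-inside) followed by a `$X.deserialize(...)` member call (pattern).
const REQUIRE_RE = /require\(\s*['"]serialize-to-js['"]\s*\)/;
const CALL_RE = /[\w$.]+\.deserialize\s*\(/g;

function findDeserializeCalls(source) {
  const findings = [];
  let seenRequire = false;
  source.split('\n').forEach((line, idx) => {
    // Only calls on lines after the require are in scope, like pattern-inside.
    if (seenRequire) {
      for (const m of line.matchAll(CALL_RE)) {
        findings.push({ line: idx + 1, call: m[0].replace(/\s*\($/, '') });
      }
    }
    if (REQUIRE_RE.test(line)) seenRequire = true;
  });
  // Note: like the rule, this flags every such call after the require; whether
  // the argument is actually user-controlled is left to triage.
  return findings;
}

// Constructed sample source (not taken from any real project): flagged.
const FLAGGED = [
  "const sjs = require('serialize-to-js');",
  "app.post('/restore', (req, res) => {",
  "  const state = sjs.deserialize(req.body.state); // request data reaches deserialize",
  "  res.json(state);",
  "});",
].join('\n');

// Constructed sample: same method name, different module, no serialize-to-js
// require anywhere, so pattern-inside never matches and the rule stays silent.
const NOT_FLAGGED = [
  "const v8 = require('v8');",
  "const state = v8.deserialize(buf);",
].join('\n');

console.log(findDeserializeCalls(FLAGGED));     // [ { line: 3, call: 'sjs.deserialize' } ]
console.log(findDeserializeCalls(NOT_FLAGGED)); // []
```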