5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
npm-serialize-javascript: Cross-site scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. That code could be executed when the serialized output is deserialized by a web browser, resulting in cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Affected products
- <6.0.2
Matching in nixpkgs
pkgs.vpcs
Simple virtual PC simulator
pkgs.pcsx2
Playstation 2 emulator
pkgs.rpcs3
PS3 emulator/debugger
- nixos-unstable 0.0.33-17070-8b8396b94
- nixpkgs-unstable 0.0.33-17070-8b8396b94
- nixos-unstable-small 0.0.33-17070-8b8396b94
pkgs.pcstat
Page Cache stat: get page cache stats for files on Linux
pkgs.grafana
Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB
pkgs.pcsclite
Middleware to access a smart card using SCard API (PC/SC)
pkgs.appcsxcad
Minimal Application using the QCSXCAD library
- nixos-unstable 2023-01-06
- nixpkgs-unstable 2023-01-06
- nixos-unstable-small 2023-01-06
pkgs.pcsx2-bin
Playstation 2 emulator (precompiled binary, repacked from official website)
pkgs.pcsc-tools
Tools used to test a PC/SC driver, card or reader
pkgs.baidupcs-go
Baidu Netdisk commandline client, mimicking Linux shell file handling commands
- nixos-unstable 3.9.5-unstable-2024-06-23
- nixpkgs-unstable 3.9.5-unstable-2024-06-23
- nixos-unstable-small 3.9.5-unstable-2024-06-23
pkgs.grafana-loki
Like Prometheus, but for logs
pkgs.pcsc-safenet
Safenet Authentication Client
pkgs.rpcsvc-proto
This package contains rpcsvc proto.x files from glibc, which are missing in libtirpc
pkgs.grafana-agent
Lightweight subset of Prometheus and more, optimized for Grafana Cloud
pkgs.grafana-alloy
Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles
pkgs.grafana-kiosk
Kiosk Utility for Grafana
pkgs.libretro.pcsx2
Port of PCSX2 to libretro
- nixos-unstable pcsx2-0-unstable-2023-01-30
- nixpkgs-unstable pcsx2-0-unstable-2023-01-30
- nixos-unstable-small pcsx2-0-unstable-2023-01-30
pkgs.pcsc-cyberjack
REINER SCT cyberJack USB chipcard reader user space driver
pkgs.pcsc-scm-scl011
SCM Microsystems SCL011 chipcard reader user space driver
pkgs.darwin.Librpcsvc
None
pkgs.emacsPackages.pcsv
None
- nixos-unstable 20240112.1431
- nixpkgs-unstable 20240112.1431
- nixos-unstable-small 20240112.1431
pkgs.pcscliteWithPolkit
Middleware to access a smart card using SCard API (PC/SC)
pkgs.grafana-dash-n-grab
Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities
pkgs.libretro.pcsx_rearmed
Port of PCSX ReARMed to libretro
- nixos-unstable 0-unstable-2024-11-17
- nixpkgs-unstable 0-unstable-2024-11-17
- nixos-unstable-small 0-unstable-2024-11-17
pkgs.haskellPackages.gpcsets
Generalized Pitch Class Sets for Haskell
pkgs.dhallPackages.dhall-grafana
None
- nixos-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-unstable-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
pkgs.emacsPackages.flymake-phpcs
None
- nixos-unstable 20210213.732
- nixpkgs-unstable 20210213.732
- nixos-unstable-small 20210213.732
pkgs.terraform-providers.grafana
None
pkgs.python311Packages.grafanalib
Library for building Grafana dashboards
pkgs.python312Packages.grafanalib
Library for building Grafana dashboards
pkgs.haskellPackages.amazonka-grafana
Amazon Managed Grafana SDK
pkgs.python311Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
- nixos-unstable boto3-grafana-1.35.0
- nixpkgs-unstable boto3-grafana-1.35.0
- nixos-unstable-small boto3-grafana-1.35.0
pkgs.python312Packages.mypy-boto3-grafana
Type annotations for boto3 grafana
- nixos-unstable boto3-grafana-1.35.0
- nixpkgs-unstable boto3-grafana-1.35.0
- nixos-unstable-small boto3-grafana-1.35.0
pkgs.python311Packages.types-aiobotocore-grafana
Type annotations for aiobotocore grafana
pkgs.python312Packages.types-aiobotocore-grafana
Type annotations for aiobotocore grafana
Package maintainers
- @matthuszagh Matt Huszagh <huszaghmatt@gmail.com>
- @xddxdd Yuhui Xu <b980120@hotmail.com>
- @WilliButz Willi Butz <willibutz@posteo.de>
- @Frostman Sergei Lukianov <me@slukjanov.name>
- @offlinehacker Jaka Hudoklin <jaka@x-truder.net>
- @fpletz Franz Pletz <fpletz@fnordicwalking.de>
- @Ma27 Maximilian Bosch <maximilian@mbosch.me>
- @globin Robin Gloster <mail@glob.in>
- @flokli Florian Klink <flokli@flokli.de>
- @emilylange Emily Lange <nix@emilylange.de>
- @hbjydev Hayden Young <hayden@kuraudo.io>
- @azahi Azat Bahawi <azat@bahawi.net>
- @wraithm Matthew Wraith <wraithm@gmail.com>
- @cdepillabout Dennis Gosnell <cdep.illabout@gmail.com>
- @marcusramberg Marcus Ramberg <marcus@means.no>
- @mmahut Marek Mahut <marek.mahut@gmail.com>
- @aszlig aszlig <aszlig@nix.build>
- @wldhx wldhx <wldhx+nixpkgs@wldhx.me>
- @sephalon Stefan Wiehler <me@sephalon.net>
- @anthonyroussel Anthony Roussel <anthony@roussel.dev>
- @peterhoeg Peter Hoeg <peter@hoeg.com>
- @AmineChikhaoui Amine Chikhaoui <amine.chikhaoui91@gmail.com>
- @hrdinka Christoph Hrdinka <c.nix@hrdinka.at>
- @matteo-pacini Matteo Pacini <m@matteopacini.me>
- @AndersonTorres Anderson Torres <torres.anderson.85@protonmail.com>
- @GovanifY Gauvain 'GovanifY' Roussel-Tarbouriech <gauvain@govanify.com>
- @michaelgrahamevans Michael Evans <michaelgrahamevans@gmail.com>
- @mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @abbradar Nikolay Amiantov <ab@fmap.me>
- @ilian ilian <nixos@ilian.dev>
- @vs49688 Zane van Iperen <zane@zanevaniperen.com>
- @neonfuz Sage Raflik <neonfuz@gmail.com>