Attacker Value
Unknown
0
CVE-2024-11831
0
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0
CVE-2024-11831
(Last updated February 13, 2025) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
MITRE ATT&CK
Select the MITRE ATT&CK Tactics that apply to this CVE
Collection
Select any Techniques used:
Command and Control
Select any Techniques used:
Credential Access
Select any Techniques used:
Defense Evasion
Select any Techniques used:
Discovery
Select any Techniques used:
Execution
Select any Techniques used:
Exfiltration
Select any Techniques used:
Impact
Select any Techniques used:
Initial Access
Select any Techniques used:
Lateral Movement
Select any Techniques used:
Persistence
Select any Techniques used:
Privilege Escalation
Select any Techniques used:
Topic Tags
Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)
What makes this of high-value to an attacker?
What makes this of low-value to an attacker?
Description
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.5 not down converted
Cryostat 3 not down converted
Logging Subsystem for Red Hat OpenShift not down converted
Migration Toolkit for Applications 7 not down converted
Migration Toolkit for Applications 7 not down converted
Migration Toolkit for Virtualization not down converted
.NET 6.0 on Red Hat Enterprise Linux not down converted
OpenShift Lightspeed not down converted
OpenShift Pipelines not down converted
OpenShift Pipelines not down converted
OpenShift Pipelines not down converted
OpenShift Pipelines not down converted
OpenShift Serverless not down converted
OpenShift Service Mesh 2 not down converted
OpenShift Service Mesh 2 not down converted
Red Hat 3scale API Management Platform 2 not down converted
Red Hat Advanced Cluster Management for Kubernetes 2 not down converted
Red Hat Advanced Cluster Security 4 not down converted
Red Hat Advanced Cluster Security 4 not down converted
Red Hat Advanced Cluster Security 4 not down converted
Red Hat Advanced Cluster Security 4 not down converted
Red Hat Advanced Cluster Security 4 not down converted
Red Hat Ansible Automation Platform 2 not down converted
Red Hat Ansible Automation Platform 2 not down converted
Red Hat Ansible Automation Platform 2 not down converted
Red Hat Ansible Automation Platform 2 not down converted
Red Hat build of Apache Camel - HawtIO not down converted
Red Hat build of Apicurio Registry not down converted
Red Hat Build of Keycloak not down converted
Red Hat build of OptaPlanner 8 not down converted
Red Hat Data Grid 8 not down converted
Red Hat Developer Hub not down converted
Red Hat Developer Hub not down converted
Red Hat Discovery not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Fuse 7 not down converted
Red Hat Integration Camel K not down converted
Red Hat JBoss Enterprise Application Platform 7 not down converted
Red Hat JBoss Enterprise Application Platform 8 not down converted
Red Hat JBoss Enterprise Application Platform Expansion Pack not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift AI (RHOAI) not down converted
Red Hat OpenShift Container Platform 3.11 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat Openshift Data Foundation 4 not down converted
Red Hat Openshift Data Foundation 4 not down converted
Red Hat Openshift Data Foundation 4 not down converted
Red Hat Openshift Data Foundation 4 not down converted
Red Hat OpenShift Dev Spaces not down converted
Red Hat OpenShift Dev Spaces not down converted
Red Hat OpenShift Dev Spaces not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat OpenShift distributed tracing 3 not down converted
Red Hat Process Automation 7 not down converted
Red Hat Quay 3 not down converted
Red Hat Satellite 6 not down converted
Red Hat Satellite 6 not down converted
Red Hat Satellite 6 not down converted
Red Hat Satellite 6 not down converted
Red Hat Single Sign-On 7 not down converted
Red Hat Trusted Profile Analyzer not down converted
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Vendors
Products
- Red Hat Advanced Cluster Security 4.4
- Red Hat Advanced Cluster Security 4.5
- Cryostat 3
- Logging Subsystem for Red Hat OpenShift
- Migration Toolkit for Applications 7
- Migration Toolkit for Virtualization
- .NET 6.0 on Red Hat Enterprise Linux
- OpenShift Lightspeed
- OpenShift Pipelines
- OpenShift Serverless
- OpenShift Service Mesh 2
- Red Hat 3scale API Management Platform 2
- Red Hat Advanced Cluster Management for Kubernetes 2
- Red Hat Advanced Cluster Security 4
- Red Hat Ansible Automation Platform 2
- Red Hat build of Apache Camel HawtIO
- Red Hat build of Apicurio Registry
- Red Hat Build of Keycloak
- Red Hat build of OptaPlanner 8
- Red Hat Data Grid 8
- Red Hat Developer Hub
- Red Hat Discovery
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Fuse 7
- Red Hat Integration Camel K
- Red Hat JBoss Enterprise Application Platform 7
- Red Hat JBoss Enterprise Application Platform 8
- Red Hat JBoss Enterprise Application Platform Expansion Pack
- Red Hat OpenShift AI (RHOAI)
- Red Hat OpenShift Container Platform 3.11
- Red Hat OpenShift Container Platform 4
- Red Hat Openshift Data Foundation 4
- Red Hat OpenShift Dev Spaces
- Red Hat OpenShift distributed tracing 3
- Red Hat Process Automation 7
- Red Hat Quay 3
- Red Hat Satellite 6
- Red Hat Single Sign On 7
- Red Hat Trusted Profile Analyzer
References
Miscellaneous
Additional Info
Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Rapid7
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
