serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function “deleteFunctions” within “index.js”.
[
{
"product": "serialize-javascript",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 3.1.0"
}
]
}
]