node-serialize Insecure Deserialization - Vulnerability Database

node-serialize Insecure Deserialization

Description

Versions <=0.0.4 of the Node.js package node-serialize contain an insecure deserialization vulnerability that can be escalated to remote code execution by passing a serialized JavaScript object containing an immediately invoked function expression (IIFE).

Remediation

Untrusted user input should not be passed to the unserialize() function.
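One way to enforce this at an input boundary, shown as an added example that is not code from this advisory or from the node-serialize project: parse untrusted text with JSON.parse only, and reject any value carrying the string marker node-serialize uses to tag serialized functions. The marker value, the function names parseUntrusted and findFunctionMarkers, the depth limit and the sample inputs are assumptions made for this example.

```javascript
// Added example: data-only parsing for input that must never reach unserialize().
// Assumption: node-serialize tags serialized functions with this string marker.
const FUNC_MARKER = '_$$ND_FUNC$$_';
const MAX_DEPTH = 32; // assumed nesting limit, tune for your payloads

// Return the JSON paths of every string value carrying the function marker.
function findFunctionMarkers(value, path = '$', depth = 0, hits = []) {
  if (depth > MAX_DEPTH) {
    throw new RangeError(`input nested deeper than ${MAX_DEPTH} levels`);
  }
  if (typeof value === 'string') {
    // Conservative check: flag the marker anywhere in the value.
    if (value.includes(FUNC_MARKER)) hits.push(path);
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => findFunctionMarkers(item, `${path}[${i}]`, depth + 1, hits));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, item] of Object.entries(value)) {
      findFunctionMarkers(item, `${path}.${key}`, depth + 1, hits);
    }
  }
  return hits;
}

// Parse untrusted text as plain data. JSON.parse never evaluates code, so a
// marker string stays inert here; rejecting it keeps it from reaching any
// later code path that still calls unserialize().
function parseUntrusted(text) {
  const data = JSON.parse(text); // throws SyntaxError on non-JSON input
  const hits = findFunctionMarkers(data);
  if (hits.length > 0) {
    const err = new Error(`serialized function marker at ${hits.join(', ')}`);
    err.code = 'EFUNCMARKER';
    err.paths = hits; // useful for logging and alerting
    throw err;
  }
  return data;
}

// Constructed sample inputs (not taken from the advisory).
const benign = '{"user":"alice","roles":["admin","dev"]}';
const tagged = '{"user":"bob","prefs":{"onLoad":"_$$ND_FUNC$$_function(){}"}}';

console.log(parseUntrusted(benign).user);
try {
  parseUntrusted(tagged);
} catch (e) {
  console.log('rejected:', e.message);
}
```

The rejected paths are worth logging: a function marker arriving in user-supplied data is a strong signal that someone is probing for this issue.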
