CVE-2017-15871

Name: CVE-2017-15871
Creator: NVD / NIST
Published: 2017-10-24T20:29:00.203+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.15%

Last modified Jun 17, 2026

CVE-2017-15871 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file. EPSS estimates a 1.15% chance of exploitation in the next 30 days.

Description

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.15%

62.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-835

Affected Software

Vendor	Product	Versions
Serialize-To-Js Project	Serialize-To-Js	<= 1.1.1

References

https://github.com/commenthol/serialize-to-js/issues/3Broken Link, Issue Tracking, Third Party Advisory
https://kay-malwarebenchmark.github.io/blog/cve-2017-15871-dos-through-iife/Broken Link, Exploit, Third Party Advisory
https://github.com/commenthol/serialize-to-js/issues/3Broken Link, Issue Tracking, Third Party Advisory
https://kay-malwarebenchmark.github.io/blog/cve-2017-15871-dos-through-iife/Broken Link, Exploit, Third Party Advisory

Timeline

Published: Oct 24, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15871?

How severe is CVE-2017-15871?

CVE-2017-15871 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.15% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15871?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15871?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST