CVE-2025-50537

Medium CVSS: 5.5

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

Vendor

Openjsf

Product

Eslint

CWE

CWE-674

Yayın Tarihi

2026-01-26 16:15:58

Güncelleme

2026-02-04 15:11:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-674 Eslint MEDIUM Openjsf 2026

Referanslar

https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbc https://github.com/eslint/eslint/issues/19646

Benzer Kayıtlar

High

CVE-2026-2880

A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-sc…

High

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @f…

High

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable…