CVE-2025-50537 (Medium) detected in eslint-7.32.0.tgz #1066
Description
CVE-2025-50537 - Medium Severity Vulnerability
Vulnerable Library - eslint-7.32.0.tgz
An AST-based pattern checker for JavaScript.
Library home page: https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz
Path to dependency file: /root/package.json
Path to vulnerable library: /root/node_modules/eslint/package.json,/server/client/node_modules/eslint/package.json
Dependency Hierarchy:
- ❌ eslint-7.32.0.tgz (Vulnerable Library)
Found in HEAD commit: f5138814bd6e253a8a5e8826b5a576edb13ed346
Found in base branch: main
Vulnerability Details
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.
Publish Date: 2026-01-26
URL: CVE-2025-50537
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2026-01-26
Fix Resolution: 9.26.0
Step up your Open Source Security Game with Mend here