CVE-2025-50537 (Medium) detected in eslint-8.57.0.tgz, eslint-8.57.1.tgz

## CVE-2025-50537 - Medium Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - eslint-8.57.0.tgz, eslint-8.57.1.tgz</summary>


<details><summary>eslint-8.57.0.tgz</summary>


Library home page: <a href="https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz">https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz</a>
Path to dependency file: /ui/package.json
Path to vulnerable library: /ui/package.json


Dependency Hierarchy:
 - @postgres.ai/ce-4.0.3.tgz (Root Library)
 - eslint-plugin-cypress-2.14.0.tgz
 - :x: **eslint-8.57.0.tgz** (Vulnerable Library)
</details>
<details><summary>eslint-8.57.1.tgz</summary>

An AST-based pattern checker for JavaScript.
Library home page: <a href="https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz">https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz</a>
Path to dependency file: /ui/package.json
Path to vulnerable library: /ui/package.json


Dependency Hierarchy:
 - @postgres.ai/ce-4.0.3.tgz (Root Library)
 - react-scripts-5.0.1.tgz
 - :x: **eslint-8.57.1.tgz** (Vulnerable Library)
</details>

Found in base branch: master
</details>


</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> Vulnerability Details</summary>
 
 
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

Publish Date: 2026-01-26
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2025-50537>CVE-2025-50537</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (5.5)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Local
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: Required
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: None
 - Integrity Impact: None
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Release Date: 2026-01-26
Fix Resolution: eslint - 9.26.0,https://github.com/eslint/eslint.git - v9.26.0


</details>


***
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2025-50537 (Medium) detected in eslint-8.57.0.tgz, eslint-8.57.1.tgz #273

CVE-2025-50537 - Medium Severity Vulnerability

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2025-50537 (Medium) detected in eslint-8.57.0.tgz, eslint-8.57.1.tgz #273

Description

CVE-2025-50537 - Medium Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions