inikulin/replicator

Releases6

Frequency1 year 3 hours

Last Release about 5 years ago

Stars25

Advanced JavaScript objects serialization.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-2265 ↗	Apr 1, 2026Wednesday, 1 April 2026, 17:28	6.5 MEDIUM	—
An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.
CVE-2021-33420 ↗	Dec 15, 2022Thursday, 15 December 2022, 19:15	9.8 CRITICAL	—
A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.