Vulnerabilities in serialize-to-js 1.1.0