Vulnerabilities in serialize-to-js 2.0.0