Description
A vulnerability exists in the counterpart library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.18.6
References
Related Issues
- Payload does not invalidate JWTs after log out - CVE-2025-4643
- Use of Insufficiently Random Values in undici - CVE-2025-22150
- SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629
- Summernote vulnerable to cross-site scripting - CVE-2024-29504
- Tags:
- npm
- counterpart
Anything's wrong? Let us know Last updated on September 26, 2025