Description
Affected versions of i18next may fail to sanitize user input when certain configuration options are used. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true.
Recommendation
Update the i18next package to the latest compatible version. Followings are version details:
- Affected version(s): >= 2.0.0, < 3.4.4
- Patched version(s): 3.4.4
References
Related Issues
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 4 - CVE-2019-10744
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 2 - CVE-2019-10744
- Passbolt Browser Extension leaks password information - CVE-2024-33669
- JSONata expression can pollute the "Object" prototype - CVE-2024-27307
- Tags:
- npm
- i18next
Anything's wrong? Let us know Last updated on September 08, 2023