Description
Affected versions of i18next may fail to sanitize user input when certain configuration options are used. When interpolation options are passed to the .init method without an escapeValue, escapeValue defaults to undefined rather than the assumed true.
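The failure mode described above, as an added example that is not i18next's own code: a simplified JavaScript model in which a shallow options merge drops the nested escapeValue default, beside a nested merge that keeps it and a check for init options that leave escapeValue implicit. The merge mechanism and every name here (DEFAULTS, mergeShallow, mergeNested, interpolate, hasImplicitEscapeValue) are assumptions made for illustration.

```javascript
// Simplified model of the flaw (assumed mechanism, not i18next source code).
const DEFAULTS = {
  lng: 'en',
  interpolation: { escapeValue: true, prefix: '{{', suffix: '}}' },
};

// Weak: a shallow merge replaces the whole nested `interpolation` object,
// so a caller who sets only prefix/suffix silently loses `escapeValue: true`.
function mergeShallow(userOptions) {
  return Object.assign({}, DEFAULTS, userOptions);
}

// Hardened: merge the nested object key by key so the defaults survive.
function mergeNested(userOptions) {
  const merged = Object.assign({}, DEFAULTS, userOptions);
  merged.interpolation = Object.assign(
    {}, DEFAULTS.interpolation, userOptions.interpolation || {});
  return merged;
}

function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Minimal interpolator: escapes only when escapeValue is truthy,
// which is why an undefined value disables escaping.
function interpolate(template, vars, options) {
  const { escapeValue, prefix, suffix } = options.interpolation;
  return Object.keys(vars).reduce((out, key) => {
    const value = escapeValue ? escapeHtml(vars[key]) : String(vars[key]);
    return out.split(prefix + key + suffix).join(value);
  }, template);
}

// Defensive check for application code: flag init options that pass
// `interpolation` without an explicit boolean `escapeValue`.
function hasImplicitEscapeValue(initOptions) {
  const interp = initOptions && initOptions.interpolation;
  return Boolean(interp) && typeof interp.escapeValue !== 'boolean';
}

// Constructed sample input: custom delimiters only, no escapeValue.
const userOptions = { interpolation: { prefix: '[[', suffix: ']]' } };
const vars = { name: '<b>Ann</b>' };
console.log(interpolate('Hi [[name]]', vars, mergeShallow(userOptions)));
console.log(interpolate('Hi [[name]]', vars, mergeNested(userOptions)));
```

Setting `escapeValue` explicitly in the interpolation options makes the outcome independent of how the library merges defaults.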
Recommendation
Update the i18next package to the latest compatible version. Version details:
- Affected version(s): >= 2.0.0, < 3.4.4
- Patched version(s): 3.4.4
References
Related Issues
- Cross-Site Scripting in i18next - CVE-2017-16008
- Cross-Site Scripting in sanitize-html - CVE-2017-16017
- Cross-Site Scripting in @novnc/novnc - CVE-2017-18635
- Cross-Site Scripting in html-janitor - CVE-2017-0931
- Tags:
- npm
- i18next
Last updated on September 08, 2023


