@intlify/shared Prototype Pollution vulnerability

Description

Vulnerability type: Prototype Pollution

Affected Package:

Product: @intlify/shared Version: 10.0.4

Vulnerability Location(s):

node_modules/@intlify/shared/dist/shared.cjs:232:26

Description:

The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy.

Recommendation

Update the petite-vue-i18n package to the latest compatible version. Followings are version details:

• Affected version(s): >= 10.0.0, < 10.0.5
• Patched version(s): 10.0.5

References

• GHSA-hjwq-mjwj-4x6c
• CVE-2024-52810
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 3 - CVE-2024-52810
• @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) - CVE-2024-52810
• @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 2 - CVE-2024-52810
• vue-i18n has cross-site scripting vulnerability with prototype pollution - CVE-2024-52809

Tags:

npm

petite-vue-i18n