@intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c)
- Severity:
- Medium
Description
Vulnerability type: Prototype Pollution
Affected Package:
Product: @intlify/shared Version: 10.0.4
Vulnerability Location(s):
node_modules/@intlify/shared/dist/shared.cjs:232:26
Description:
The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy.
Recommendation
Update the @intlify/vue-i18n-core package to the latest compatible version. Followings are version details:
Affected version(s): **>= 10.0.0, < 10.0.5 >= 9.7.0, < 9.14.2** Patched version(s): **10.0.5 9.14.2**
References
Related Issues
- Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes - CVE-2024-6485
- vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes (GHSA-x8qp-wqqm-57ph) - CVE-2025-53892
- react-native-keys insecurely stores encryption cipher and Base64 chunks - CVE-2025-45001
- nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR - CVE-2024-34343
- Tags:
- npm
- @intlify/vue-i18n-core
Anything's wrong? Let us know Last updated on December 02, 2024