@intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 2
- Severity:
- Medium
Description
Vulnerability type: Prototype Pollution
Affected Package:
Product: @intlify/shared Version: 10.0.4
Vulnerability Location(s):
node_modules/@intlify/shared/dist/shared.cjs:232:26
Description:
The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy.
Recommendation
Update the vue-i18n package to the latest compatible version. Followings are version details:
Affected version(s): **>= 10.0.0, < 10.0.5 >= 9.7.0, < 9.14.2** Patched version(s): **10.0.5 9.14.2**
References
Related Issues
- Volto affected by possible DoS by invoking specific URL by anonymous user - CVE-2025-58047
- Vue I18n Allows Prototype Pollution in `handleFlatJson` (GHSA-p2ph-7g93-hw3m) 4 - CVE-2025-27597
- Potential DoS when using ContextLines integration (GHSA-r5w7-f542-q2j4) 10 - Vulnerability
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 3 - CVE-2024-52810
- Tags:
- npm
- vue-i18n
Anything's wrong? Let us know Last updated on December 02, 2024