node-gettext vulnerable to Prototype Pollution

Description

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 3.0.0

References

• GHSA-g974-hxvm-x689
• security.snyk.io
• CVE-2024-21528
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• ag-grid packages vulnerable to Prototype Pollution - @ag-grid-enterprise/charts - CVE-2024-39001
• jrburke requirejs vulnerable to prototype pollution - CVE-2024-38999
• ag-grid packages vulnerable to Prototype Pollution - ag-grid-enterprise - CVE-2024-39001
• node-cube vulnerable to prototype pollution - CVE-2025-57348

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

node-gettext