Description
All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 3.0.0
References
Related Issues
- node-cube vulnerable to prototype pollution - CVE-2025-57348
- jrburke requirejs vulnerable to prototype pollution - CVE-2024-38999
- ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) 2 - CVE-2024-39001
- ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) - CVE-2024-39001
- Tags:
- npm
- node-gettext
Anything's wrong? Let us know Last updated on November 18, 2024