Description
All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.
Recommendation
No fix is available yet. The following versions are affected:
- <= 3.0.0
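With no fixed release, one mitigation is to validate untrusted input before it reaches addTranslations(). The wrapper below is an added example, not code from this advisory or from node-gettext: the helper names (assertSafeKey, assertSafeTree, safeAddTranslations) are hypothetical, it assumes the addTranslations(locale, domain, translations) argument order, and it guards all three arguments because the advisory does not say which one carries the pollution.

```javascript
// Added example (not node-gettext code): reject prototype-related keys
// before untrusted data is handed to addTranslations().
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function assertSafeKey(key, what) {
  if (typeof key !== 'string' || key.length === 0) {
    throw new TypeError(`${what} must be a non-empty string`);
  }
  if (FORBIDDEN_KEYS.has(key)) {
    throw new RangeError(`${what} uses reserved key "${key}"`);
  }
}

// Walk the translations object and reject reserved own keys at any depth.
// Conservative choice: a msgid that equals a reserved word is rejected too.
function assertSafeTree(node, path = 'translations', seen = new WeakSet()) {
  if (node === null || typeof node !== 'object') return;
  if (seen.has(node)) return; // tolerate cyclic input
  seen.add(node);
  for (const key of Object.getOwnPropertyNames(node)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new RangeError(`${path} contains reserved key "${key}"`);
    }
    assertSafeTree(node[key], `${path}.${key}`, seen);
  }
}

// Assumed signature: gt.addTranslations(locale, domain, translations).
function safeAddTranslations(gt, locale, domain, translations) {
  assertSafeKey(locale, 'locale');
  assertSafeKey(domain, 'domain');
  assertSafeTree(translations);
  return gt.addTranslations(locale, domain, translations);
}

// Constructed demo: a stub stands in for a node-gettext instance so the
// example runs offline; the catalog below is sample data, not real output.
const calls = [];
const stubGt = { addTranslations: (l, d) => { calls.push([l, d]); } };
const sample = JSON.parse(
  '{"translations": {"": {"hello": {"msgid": "hello", "msgstr": ["hej"]}}}}'
);
safeAddTranslations(stubGt, 'sv-SE', 'messages', sample);
```

In an application, pass the real node-gettext instance as the first argument and route every call that handles request-derived or file-derived catalogs through the wrapper.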
References
Related Issues
- min-document vulnerable to prototype pollution - CVE-2025-57352
- Vite bypasses server.fs.deny when using ?raw?? - CVE-2025-30208
- GetmeUK ContentTools Cross-Site Scripting (XSS) - CVE-2025-2699
- Axios Cross-Site Request Forgery Vulnerability - CVE-2023-45857
Tags:
- npm
- node-gettext
Last updated on November 18, 2024