vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v)
- Severity:
- Medium
Description
XSS
Recommendation
Update the @intlify/vue-i18n-core package to the latest compatible version. Followings are version details:
Affected version(s): **>= 10.0.0, < 10.0.5 >= 9.3.0, < 9.14.2** Patched version(s): **10.0.5 9.14.2**
References
Related Issues
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) - Vulnerability
- Vue I18n Allows Prototype Pollution in `handleFlatJson` (GHSA-p2ph-7g93-hw3m) - CVE-2025-27597
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) - CVE-2024-52810
- vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes (GHSA-x8qp-wqqm-57ph) - CVE-2025-53892
- Tags:
- npm
- @intlify/vue-i18n-core
Anything's wrong? Let us know Last updated on December 02, 2024