vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 3
- Severity:
- Medium
Description
XSS
Recommendation
Update the @intlify/core package to the latest compatible version. Followings are version details:
Affected version(s): **>= 10.0.0, < 10.0.5 >= 9.3.0, < 9.14.2** Patched version(s): **10.0.5 9.14.2**
References
Related Issues
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) 3 - Vulnerability
- Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo - CVE-2024-21548
- jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label - CVE-2022-31160
- vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes (GHSA-x8qp-wqqm-57ph) 3 - CVE-2025-53892
- Tags:
- npm
- @intlify/core
Anything's wrong? Let us know Last updated on December 02, 2024