CVE-2024-21528

CVSS V2 None CVSS V3 None

Description

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.

Overview

CVE ID
CVE-2024-21528

Assigner
snyk

Vulnerability Status
PUBLISHED

Published Version
2024-09-10T05:00:01.556Z

Last Modified Date
2024-09-10T05:00:01.556Z

Weakness Enumerations

CWE	URL
CWE-1321	http://cwe.mitre.org/data/definitions/1321.html

References

Reference URL	Reference Tags
https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943
https://github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js%23L113

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-21528
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21528

History

Created	Old Value	New Value	Data Type	Notes
2024-09-10 13:14:04				Added to TrackCVE