Описание
Denial of Service and Content Injection in i18n-node-angular
Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions.
Recommendation
Update to version 1.4.0 or later.
Пакеты
Наименование
i18n-node-angular
npm
Затронутые версииВерсия исправления
< 1.4.0
1.4.0
Связанные уязвимости
CVSS3: 8.2
nvd
больше 7 лет назад
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.