Описание
gettext.js has a Cross-site Scripting injection
Impact
Possible vulnerability to XSS injection if .po dictionary definition files is corrupted
Patches
Update gettext.js to 2.0.3
Workarounds
Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
Пакеты
gettext.js
< 2.0.3
2.0.3
Связанные уязвимости
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
gettext.js is a GNU gettext port for node and the browser. There is a ...