CVE-2017-16008

Опубликовано: 04 июн. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.

Ссылки

https://github.com/i18next/i18next/pull/443
Exploit
Issue Tracking
Patch
Third Party Advisory
https://nodesecurity.io/advisories/325
Exploit
Third Party Advisory
https://github.com/i18next/i18next/pull/443
Exploit
Issue Tracking
Patch
Third Party Advisory
https://nodesecurity.io/advisories/325
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:i18next:i18next:*:*:*:*:*:node.js:*:*

Версия до 1.10.2 (включая)

EPSS

Процентиль: 45%

0.00223

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f89g-whpf-6q9m