Описание
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.7.0-4 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | not-affected | 0.7.0-4 |
| plucky | not-affected | 0.7.0-4 |
Показывать по
EPSS
7.2 High
CVSS3
Связанные уязвимости
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
gettext.js is a GNU gettext port for node and the browser. There is a ...
gettext.js has a Cross-site Scripting injection
EPSS
7.2 High
CVSS3