Medium severity5.9NVD Advisory· Published Sep 10, 2024· Updated Apr 15, 2026

CVE-2024-21528

Description

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
node-gettextnpm	<= 3.0.0	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-g974-hxvm-x689ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-21528ghsaADVISORY
github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.jsghsaWEB
security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943nvdWEB
github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js%23L113nvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000