npm package
@messageformat/runtime
pkg:npm/%40messageformat/runtime
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-57353 | Med | 5.3 | >= 3.0.1, < 3.0.2 | 3.0.2 | Sep 24, 2025 | The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects |
- affected >= 3.0.1, < 3.0.2fixed 3.0.2
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects