VYPR

npm package

@messageformat/runtime

pkg:npm/%40messageformat/runtime

Vulnerabilities (1)

  • CVE-2025-57353MedSep 24, 2025
    affected >= 3.0.1, < 3.0.2fixed 3.0.2

    The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects