npm package
i18next
pkg:npm/i18next
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16008 | — | < 1.10.3 | 1.10.3 | Jun 4, 2018 | i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10. | ||
| CVE-2017-16010 | — | >= 2.0.0, < 3.4.4 | 3.4.4 | May 29, 2018 | i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to |
- CVE-2017-16008Jun 4, 2018affected < 1.10.3fixed 1.10.3
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.
- CVE-2017-16010May 29, 2018affected >= 2.0.0, < 3.4.4fixed 3.4.4
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to