VYPR

npm package

i18next-http-middleware

pkg:npm/i18next-http-middleware

Vulnerabilities (3)

  • CVE-2026-42353HigMay 8, 2026
    affected < 3.9.3fixed 3.9.3

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendCo

  • CVE-2026-41690HigMay 8, 2026
    affected < 3.9.3fixed 3.9.3

    18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated ent

  • CVE-2026-41683HigMay 8, 2026
    affected < 3.9.3fixed 3.9.3

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through uti