VYPR

I18next HTTP Middleware

by I18next

Source repositories

CVEs (3)

  • CVE-2026-48714CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys __proto__, constructor, and prototype (added in 3.9.3, see…

  • CVE-2026-41690HigMay 8, 2026
    risk 0.49cvss 8.6epss 0.00

    18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated…

  • CVE-2026-42353HigMay 8, 2026
    risk 0.46cvss 8.2epss 0.00

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into…