VYPR

I18next Fs Backend

by I18next

Source repositories

CVEs (3)

  • CVE-2026-48714CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys __proto__, constructor, and prototype (added in 3.9.3, see…

  • CVE-2026-48713CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input). Backend.writeFile() splits each queued missing-key…

  • CVE-2026-41693HigMay 8, 2026
    risk 0.46cvss 8.2epss 0.00

    i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write…