CVE-2024-21528 MEDIUM

CVE-2024-21528

Vendor N/A
Product node-gettext
Weakness CWE-1321
Published September 10, 2024
Last update November 12, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

What the vulnerability does

01Description

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
November 12, 2024 Record updated