CVE-2024-52809 MEDIUM

CVE-2024-52809: Cross-site Scripting vulnerability with prototype pollution in vue-i18n

Vendor Intlify
Product vue-i18n
Weakness CWE-79 · XSS
Published November 29, 2024
Last update December 2, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

November 29, 2024 CVE published
December 2, 2024 Record updated