The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
[
{
"product": "php-gettext",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 1.0.12"
}
]
}
]