messageformat 安全漏洞

messageformat is a messageformat open source ICU message format and Unicode message format library for Javascript. A security vulnerability exists in messageformat versions prior to 2.3.0 that stems from improper handling of nested message keys containing special characters, which could lead to...

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

PT-2025-39317

Name of the Vulnerable Software and Affected Versions messageformat versions prior to 3.0.1 Description The Runtime components of the messageformat package for Node.js are susceptible to a prototype pollution issue. Insufficient validation of nested message keys during message data processing...

PT-2025-39330

Name of the Vulnerable Software and Affected Versions messageformat versions prior to 2.3.0 Description The messageformat package, a JavaScript implementation of the Unicode MessageFormat 2 specification, contains a flaw related to improper handling of message key paths. This can lead to prototyp...