EUVD-2024-2797

Malicious code in bioql PyPI...

node-gettext vulnerable to Prototype Pollution

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

GHSA-G974-HXVM-X689 node-gettext vulnerable to Prototype Pollution

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)

node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2024-21528 Source advisory: OSV:GHSA-G974-HXVM-X689...

CVE-2024-21528

A flaw was found in node-gettext. All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization. Mitigation Mitigation for this issue is either not available or the currently available options ...

CVE-2024-21528

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

CVE-2024-21528

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

CVE-2024-21528

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

node-gettext 安全漏洞

node-gettext is a JavaScript implementation of gettext, a localization framework open-sourced by Alexander Wallin. A security vulnerability exists in node-gettext, which stems from improper cleaning of user input and may be contaminated by prototypes via the addTranslations function in gettext.js...

PT-2024-18942 · Unknown · Node-Gettext

Name of the Vulnerable Software and Affected Versions: node-gettext versions all Description: The issue is related to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization. This affects the node-gettext package. Recommendations: For all version...

Prototype Pollution

node-gettext is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization in the addTranslations function, allowing attackers to inject or manipulate properties in object prototypes...

@bbc/timeline-state-resolver-tools (>=9.4.0-nightly-release53-6a8a2347-20250820-110110.0 <=10.0.0-nightly-release53-20251030-091938-982ec310.0), @bitrefill/airfill-widget (>=4.2.2 <=4.8.3) +158 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.1)

node-gettext NPM version =0.1.2, =9.4.0-nightly-release53-6a8a2347-20250820-110110.0, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =4.1.4 and more Source cves: CVE-2024-21528 Source advisory: SNYK:JS-NODEGETTEXT-6100943...

Prototype Pollution

Overview node-gettext is an A JavaScript implementation of gettext, a localization framework Affected versions of this package are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization. PoC js const Gettext = require'node-gettext'...