13 matches found
CVE-2026-41885
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
CVE-2026-41885
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
CVE-2026-41885 Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
CVE-2026-41885
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
EUVD-2026-28795
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
CVE-2026-41885
CVE-2026-41885 affects i18next-locize-backend prior to version 9.0.2. The issue arises when the backend interpolates values (lng, ns, projectId, version) directly into URL templates (loadPath/privatePath/addPath/updatePath/getLanguagesPath) without encoding or validation, enabling user-controlled...
i18next-locize-backend 路径遍历漏洞
i18next-locize-backend is an open-source plugin for internationalization resource loading and key storage by locize. Versions of i18next-locize-backend prior to 9.0.2 had a path traversal vulnerability. This vulnerability arises from directly inserting lng, ns, projectId, and version into the URL...
Directory Traversal
Overview i18next-locize-backend is an i18next-locize-backend is a backend layer for i18next to use locize service which can be used in node.js, in the browser and for deno. Affected versions of this package are vulnerable to Directory Traversal via the lng, ns, projectId, or version parameters,...
@aedwards/ohif-viewer (>=5.0.1 <=5.0.14), @bitrefill/airfill-widget (>=3.6.0 <=4.1.7) +55 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=0.0.1 <=9.0.1)
i18next-locize-backend NPM version =0.0.1, =5.0.1, =3.6.0, =1.7.5, =1.0.5, =9.14.0, =1.0.0, =1.0.1, =0.8.1, =0.8.1, =1.0.0, =1.0.0, =0.0.11, =0.53.0-14, =0.53.3 and more Source cves: CVE-2026-41885 Source advisory: OSV:GHSA-MGCP-MFP8-3Q45...
locizer (>=5.0.0 <=5.0.1), locizify (>=9.0.0 <=9.0.9) +1 more potentially affected by CVE-2026-41885 via i18next-locize-backend (>=9.0.0 <=9.0.1)
i18next-locize-backend NPM version =9.0.0, =5.0.0, =9.0.0, =2.0.0, =2.0.6 Source cves: CVE-2026-41885 Source advisory: SNYK:JS-I18NEXTLOCIZEBACKEND-16415530...
i18next-locize-backend has URL Injection via Unsanitized Path Parameters
Summary Versions of i18next-locize-backend prior to 9.0.2 interpolate lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLanguagesPath URL templates with no path-component validation and no encoding. When an application exposes any of...
GHSA-MGCP-MFP8-3Q45 i18next-locize-backend has URL Injection via Unsanitized Path Parameters
Summary Versions of i18next-locize-backend prior to 9.0.2 interpolate lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLanguagesPath URL templates with no path-component validation and no encoding. When an application exposes any of...
PT-2026-37155
Name of the Vulnerable Software and Affected Versions i18next-locize-backend versions prior to 9.0.2 Description The software interpolates lng, ns, projectId, and version directly into configured URL templates such as 'loadPath', 'privatePath', 'addPath', 'updatePath', and 'getLanguagesPath'...