@aosweb/osui (>=0.0.23 <=0.0.25), @baosight/er (>=0.1.87 <=0.3.2) +44 more potentially affected by CVE-2025-27597 via @intlify/message-resolver (>=9.1.0 <=9.1.10)

@intlify/message-resolver NPM version =9.1.0, =0.0.23, =0.1.87, =9.14.2, =9.14.2, =0.3.1, =0.5.0, =1.9.7, =9.1.0, =9.1.0, =9.1.0, =9.1.0, =9.1.0, =3.0.0-alpha, =1.8.9, =2.14.0-alpha.3 and more Source cves: CVE-2025-27597 Source advisory: OSV:GHSA-P2PH-7G93-HW3M...

GHSA-P2PH-7G93-HW3M Vue I18n Allows Prototype Pollution in `handleFlatJson`

Vulnerability type: Prototype Pollution Vulnerability Locations: js v9.1 nodemodules/@intlify/message-resolver/index.js v9.2 or later nodemodules/@intlify/vue-i18n-core/index.js Description: The latest version of @intlify/message-resolver 9.1 and @intlify/vue-i18n-core 9.2 or later, previous...

PT-2025-10096

Name of the Vulnerable Software and Affected Versions @intlify/message-resolver version 9.1 @intlify/vue-i18n-core versions 9.2 and later Description The vulnerability is a Prototype Pollution issue through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype...