32 matches found
Prototype Pollution
messageformat is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of nested message keys containing special characters such as __proto__, which allows an attacker to inject arbitrary properties into the global object prototype, potentially leading to denial of service ...
MAL-2025-49416 Malicious code in icu-messageformat (npm)
Source: amazon-inspector a1fc5a2af1395cc93448f25e96d6c16427b37dfddad7075ec3b9409f012a0346. The package icu-messageformat was found to contain malicious code...
icu-messageformat (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via icu-messageformat (=1.0.1)
icu-messageformat NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-messageformat and may be impacted: icu-messageformat =2.0.0, =2.0.1. Source cves: unknown CVE. Source advisory: OSV:MAL-2025-49416...
Malicious code in icu-messageformat (npm)
Source: amazon-inspector a1fc5a2af1395cc93448f25e96d6c16427b37dfddad7075ec3b9409f012a0346. The package icu-messageformat was found to contain malicious code...
EUVD-2025-38414
Malicious code in icu-messageformat npm...
EUVD-2025-31065
Malicious code in bioql PyPI...
EUVD-2025-31039
Malicious code in bioql PyPI...
CVE-2025-57353
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...
CVE-2025-57349
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
Prototype Pollution
Overview: org.webjars.npm:messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill. Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing...
GHSA-XFQM-J7PC-XRFC messageformat has a prototype pollution vulnerability
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
org.webjars.npm:angular-translate-interpolation-messageformat (>=2.15.2 <=2.19.1) potentially affected by CVE-2025-57349 via org.webjars.npm:messageformat (=1.0.2)
org.webjars.npm:messageformat MAVEN version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:messageformat and may be impacted: org.webjars.npm:angular-translate-interpolation-messageformat =2.15.2, =2.19.1. Source cves:...
Prototype Pollution
Overview: messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill. Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing nested message key...
messageformat has a prototype pollution vulnerability
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
CVE-2025-57349
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
CVE-2025-57349
The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...
messageformat prototype pollution vulnerability
The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...
icu-to-json (>=0.0.1 <=0.0.20) potentially affected by CVE-2025-57353 via @messageformat/runtime (=3.0.1)
@messageformat/runtime NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @messageformat/runtime and may be impacted: icu-to-json =0.0.1, =0.0.20. Source cves: CVE-2025-57353. Source advisory: OSV:GHSA-6XV4-9CQP-92RH...
GHSA-6XV4-9CQP-92RH messageformat prototype pollution vulnerability
The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...
CVE-2025-57353
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...