Prototype Pollution

Overview org.webjars.npm:messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing...

org.webjars.npm:angular-translate-interpolation-messageformat (>=2.15.2 <=2.19.1) potentially affected by CVE-2025-57349 via org.webjars.npm:messageformat (=1.0.2)

org.webjars.npm:messageformat MAVEN version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:messageformat and may be impacted: - org.webjars.npm:angular-translate-interpolation-messageformat =2.15.2, =2.19.1 Source cves:...

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

GHSA-6XV4-9CQP-92RH messageformat prototype pollution vulnerability

The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

messageformat 安全漏洞

messageformat is a messageformat open source ICU message format and Unicode message format library for Javascript. A security vulnerability exists in messageformat versions prior to 3.0.1, which stems from insufficient validation of nested message keys and could lead to a prototype pollution atta...