CVE-2025-57353

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

PT-2025-39330

Name of the Vulnerable Software and Affected Versions messageformat versions prior to 2.3.0 Description The messageformat package, a JavaScript implementation of the Unicode MessageFormat 2 specification, contains a flaw related to improper handling of message key paths. This can lead to prototyp...

CVE-2025-57353

CVE-2025-57353 affects the Runtime components of the Node.js messageformat package (versions before 3.0.2). The issue is a prototype pollution vulnerability caused by insufficient validation of nested message keys during processing, allowing an attacker to modify Object.prototype and inject arbit...

CVE-2025-57353

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

PT-2025-39317

Name of the Vulnerable Software and Affected Versions messageformat versions prior to 3.0.1 Description The Runtime components of the messageformat package for Node.js are susceptible to a prototype pollution issue. Insufficient validation of nested message keys during message data processing...

messageformat 安全漏洞

messageformat is a messageformat open source ICU message format and Unicode message format library for Javascript. A security vulnerability exists in messageformat versions prior to 2.3.0 that stems from improper handling of nested message keys containing special characters, which could lead to...

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

CVE-2025-57349

CVE-2025-57349 affects the messageformat package (JavaScript) prior to version 2.3.0. The root cause is improper handling of nested message keys containing special characters (e.g., proto ), enabling prototype pollution that can modify Object.prototype and cause denial of service or undefined beh...

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

messageformat 安全漏洞

messageformat is a messageformat open source ICU message format and Unicode message format library for Javascript. A security vulnerability exists in messageformat versions prior to 3.0.1, which stems from insufficient validation of nested message keys and could lead to a prototype pollution atta...

CVE-2025-57353

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

Information Disclosure

Glassfish is vulnerable to information disclosure. This is because the MessageFormat parameters are not double single quote escaped e.g., ' '0' '...