Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/25 5:28 p.m.7 views

EUVD-2026-37005

i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:28 p.m.8 views

EUVD-2026-37006

i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 10:16 p.m.14 views

CVE-2026-48713

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input. Backend.writeFile splits each queued missing-key string on the configured...

9.1CVSS0.00419EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:41 p.m.20 views

CVE-2026-48714

The CVE-2026-48714 issue affects i18next-http-middleware prior to 3.9.7. The missingKeyHandler can accept request-body keys like proto , constructor, and prototype (and similar dotted variants) and, when downstream backends such as i18next-fs-backend ≤ 2.6.5 split on keySeparator, passes them to ...

9.1CVSS5.4AI score0.00419EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49528

Name of the Vulnerable Software and Affected Versions i18next versions prior to 2.6.6 Description Prototype pollution occurs via crafted missing-key strings when used to persist missing translation keys. This happens when the Backend.writeFile function splits queued missing-key strings using the...

9.1CVSS5.9AI score0.00419EPSS
Exploits0References10
OSV
OSV
added 2026/04/22 5:40 p.m.5 views

GHSA-5FGG-JCPF-8JJW i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...

8.6CVSS5.8AI score0.0031EPSS
Exploits0References4
Rows per page
Query Builder