Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 3:38 p.m.9 views

CVE-2026-41693 i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write the resulting fil...

8.2CVSS5.7AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 8:9 p.m.35 views

CVE-2026-41691

CVE-2026-41691 affects the i18next-http-backend package. Prior to version 3.0.5, the code interpolated the languages (lng) and namespaces (ns) into loadPath/addPath URL templates without proper encoding or sanitisation, allowing an attacker-controlled language input to alter URL structure and per...

9.1CVSS5.8AI score0.00251EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 8:9 p.m.10 views

CVE-2026-41691 i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 5:43 p.m.3 views

GHSA-8847-338W-5HCJ i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

Summary Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...

8.2CVSS5.8AI score0.00292EPSS
Exploits0References3
Rows per page
Query Builder