3 matches found
CVE-2026-41885
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
CVE-2026-41885 Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend
i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath /...
PT-2026-37155
Name of the Vulnerable Software and Affected Versions i18next-locize-backend versions prior to 9.0.2 Description The software interpolates lng, ns, projectId, and version directly into configured URL templates such as 'loadPath', 'privatePath', 'addPath', 'updatePath', and 'getLanguagesPath'...