vue-i18n@9.3.0-beta.12-e5210d2 vulnerabilities

Internationalization plugin for Vue.js

  • latest version

    11.1.2

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the vue-i18n package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Prototype Pollution

    vue-i18n is an Internationalization plugin for Vue.js

    Affected versions of this package are vulnerable to Prototype Pollution through the handleFlatJson function due to improper input validation. An attacker can introduce or modify properties within the global prototype chain, potentially causing denial of service or escalating to execute arbitrary commands within the application's context if the polluted property interacts with sensitive Node.js APIs like exec or eval.

    How to fix Prototype Pollution?

    Upgrade vue-i18n to version 9.14.3, 10.0.6, 11.1.2 or higher.

    >=9.1.0 <9.14.3>=10.0.0-alpha.1 <10.0.6>=11.0.0-beta.0 <11.1.2