CVE-2024-21528
MEDIUMnode-gettext - Prototype Pollution via addTranslations() Function
Title source: llmDescription
All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.
References (2)
Core 2
Core References
Various Sources
https://github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js%23L113
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943
Scores
CVSS v3
5.9
EPSS
0.0057
EPSS Percentile
42.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1321
Status
published
Products (2)
n/a/node-gettext
npm/node-gettext
0npm
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026