Cross-Site Scripting Vulnerability in GNU Gettext Port for Node and Browser

CVE-2024-43370

Currently unrated 🤨

Key Information

Vendor: GNU
Vendor: CVE Published:; 16 August 2024

Summary

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.

Timeline

Vulnerability published.
Aug 16, 2024

Collectors

NVD Database