Cross-Site Scripting Vulnerability in GNU Gettext Port for Node and Browser
CVE-2024-43370

Currently unrated

Key Information:

Vendor: GNU
Vendor: CVE Published:; 16 August 2024

Summary

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.

References

https://github.com/guillaumepotier/gettext.js/security/ad...

https://github.com/guillaumepotier/gettext.js/commit/8150...

Timeline

Vulnerability published
Aug 16, 2024