Cross-site Scripting (XSS) Vulnerability in Vue-i18n Affects Vue.js Users
CVE-2024-52809
Currently unrated
Key Information:
- Vendor
- Intlify
- Status
- Vue-i18n
- Vendor
- CVE Published:
- 29 November 2024
Summary
vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to createI18n
or useI18n
. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Version(s)
vue-i18n < 9.14.2 < 9.14.2
vue-i18n >= 10.0.0, < 10.0.5 < 10.0.0, 10.0.5
References
Timeline
Vulnerability published
Vulnerability Reserved