Cross-site Scripting (XSS) Vulnerability in Vue-i18n Affects Vue.js Users
CVE-2024-52809
Currently unrated 🤨
Key Information
- Vendor
- Intlify
- Status
- Vue-i18n
- Vendor
- CVE Published:
- 29 November 2024
Summary
vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to createI18n
or useI18n
. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Version(s)
vue-i18n < 9.14.2
vue-i18n < 10.0.0, 10.0.5
References
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database