Filipeom

#18562 of 53,630
14.5 Total CVSS
Vulnerabilities · 2
High
2
PT-2024-31594
7.3
2024-09-03
Npm · @Blakeembrey/Template · CVE-2024-45390
**Name of the Vulnerable Software and Affected Versions** @blakeembrey/template versions prior to 1.2.0

**Description** The issue allows an attacker to inject and run code within the template if they have access to write the template name. This can be achieved by exploiting the template display name feature.

**Recommendations** For versions prior to 1.2.0, upgrade to version 1.2.0 to fix the issue. As a temporary workaround, do not pass untrusted input as the template display name, or do not use the display name feature.
PT-2024-30534
7.2
2024-08-15
Unknown · Gettext.Js · CVE-2024-43370
**Name of the Vulnerable Software and Affected Versions** gettext.js versions prior to 2.0.3

**Description** The issue is related to a cross-site scripting (XSS) injection in gettext.js, a GNU gettext port for node and the browser, when `.po` dictionary definition files are corrupted.

**Recommendations** For versions prior to 2.0.3, update gettext.js to version 2.0.3. As a temporary workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.