PT-2024-30534 · Unknown · Gettext.Js

Filipeom

Published

2024-08-15

Updated

2024-08-19

CVE-2024-43370

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions gettext.js versions prior to 2.0.3

Description The issue is related to a cross-site scripting (XSS) injection in gettext.js, a GNU gettext port for node and the browser, when .po dictionary definition files are corrupted.

Recommendations For versions prior to 2.0.3, update gettext.js to version 2.0.3. As a temporary workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-43370

GHSA-VWHG-JWR4-VXGG

Affected Products

Gettext.Js

PT-2024-30534 · Unknown · Gettext.Js

CVE-2024-43370

Weakness Enumeration

Related Identifiers

Affected Products

References · 16