PT-2025-39318 · Unknown · Counterpart

Published 2025-09-24 · Updated 2025-09-27 · CVE-2025-57354

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

counterpart versions prior to 0.18.6

Description

A flaw exists in the 'counterpart' library for Node.js and the browser because of inadequate sanitization of user-controlled input during translation key processing. Insufficient validation of translation keys allows attackers to manipulate the library's functionality by supplying maliciously crafted keys containing prototype chain elements, such as __proto__, leading to prototype pollution. This enables adversaries to inject arbitrary properties into the JavaScript Object prototype through the first parameter of the translate method when used with specific separator configurations. This can potentially result in denial-of-service conditions or remote code execution in vulnerable applications.

Recommendations

Update to counterpart version 0.18.6 or later.
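Where user input can reach the key argument of translate, a boundary check on the key gives defense in depth alongside the upgrade. The following is an added example, not code from counterpart or from this advisory; checkTranslationKey and guardedTranslate are hypothetical names, and it assumes keys are strings or arrays of strings, the default separator is '.', and a per-call separator arrives as options.separator.

```javascript
// Added example: a guard placed in front of a translate call.
// Property names that reach or replace an object's prototype.
const FORBIDDEN = new Set(['__proto__', 'prototype', 'constructor']);

// Returns { ok, reason }. The separator passed in must be the one the
// translate call will really use (assumption: '.' when none is given),
// otherwise the key is split differently here than in the library.
function checkTranslationKey(key, separator = '.') {
  // An empty separator would split the key into single characters and
  // hide a forbidden name, so it is rejected outright.
  if (typeof separator !== 'string' || separator.length === 0) {
    return { ok: false, reason: 'separator must be a non-empty string' };
  }
  // Accept a single key or a (nested) array of keys.
  const parts = Array.isArray(key) ? key.flat(Infinity) : [key];
  for (const part of parts) {
    if (typeof part !== 'string') {
      return { ok: false, reason: 'key parts must be strings' };
    }
    const bad = part.split(separator).find((seg) => FORBIDDEN.has(seg));
    if (bad !== undefined) {
      return { ok: false, reason: `forbidden segment: ${bad}` };
    }
  }
  return { ok: true, reason: null };
}

// `translate` is the function the application already calls
// (hypothetical parameter, so the guard can be tested with a stub).
function guardedTranslate(translate, key, options = {}) {
  const verdict = checkTranslationKey(key, options.separator ?? '.');
  if (!verdict.ok) {
    throw new TypeError(`rejected translation key (${verdict.reason})`);
  }
  return translate(key, options);
}
```

If the application changes the separator globally rather than per call, pass that value to the check explicitly.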

Exploit

Fix

DoS

RCE

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2025-57354
GHSA-2488-W585-72CH

Affected Products

Counterpart