Tag

I18next

3 briefs RSS

i18next-http-middleware Prototype Pollution and Path Traversal Vulnerability

Versions of i18next-http-middleware before 3.9.3 are vulnerable to prototype pollution, path traversal, and server-side request forgery (SSRF) due to improper validation of user-controlled language and namespace parameters, potentially leading to denial of service or remote code execution.

i18next-http-middleware prototype-pollution path-traversal ssrf denial-of-service i18next

2r 2t Jan 26, 2024

high advisory

i18next-fs-backend Path Traversal Vulnerability

2 rules 1 TTP

i18next-fs-backend versions before 2.6.4 are vulnerable to path traversal due to insufficient sanitization of the lng and ns values, potentially allowing attackers to read arbitrary files, overwrite files, or execute code if .js or .ts locale files are in use.

i18next-fs-backend path-traversal i18next arbitrary-file-read arbitrary-file-write code-execution

2r 1t Jan 25, 2024

medium advisory

i18next-http-middleware HTTP Response Splitting and DoS Vulnerability

2 rules 1 TTP

i18next-http-middleware versions before 3.9.3 are vulnerable to HTTP response splitting and denial-of-service attacks due to unsanitized Content-Language headers, potentially leading to session fixation, cache poisoning, reflected XSS, or complete service disruption depending on the Node.js version.

i18next-http-middleware crlf-injection http-response-splitting denial-of-service i18next

2r 1t Jan 3, 2024