CVE-2024-43370
Published
CVSS v3
7.2
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.
gettext.js is a lightweight yet complete and accurate GNU gettext port for node and the browser.
GitHub