CVE-2017-16008: Cross-site Scripting

June 4, 2018 (updated October 9, 2019)

Because of how string interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser.

References

github.com/i18next/i18next/pull/443
nvd.nist.gov/vuln/detail/CVE-2017-16008

Detect and mitigate CVE-2017-16008 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →