CVE-2017-16010: Cross-site Scripting
When using the .init method, passing interpolation options without an escapeValue causes escapeValue to default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not.
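The defaulting mistake described above, shown as an added example with a small constructed interpolation model (not i18next's own code): initVulnerable replaces the whole interpolation block with the caller's options, so escapeValue silently becomes undefined, while initFixed merges the nested defaults so escaping stays on. The option names (interpolation, escapeValue, prefix, suffix) follow the advisory; the helper functions are hypothetical.

```javascript
// Constructed model of the CVE-2017-16010 defaulting bug; not i18next's code.
const DEFAULT_OPTIONS = { interpolation: { escapeValue: true, prefix: '{{', suffix: '}}' } };

// Minimal HTML escaper for interpolated values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '/': '&#x2F;' };
  return String(value).replace(/[&<>"'/]/g, (c) => map[c]);
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Vulnerable pattern: a shallow merge lets a partial interpolation object
// replace the default block, so escapeValue is undefined (falsy) unless set.
function initVulnerable(userOptions = {}) {
  return { ...DEFAULT_OPTIONS, ...userOptions };
}

// Fixed pattern: merge the nested interpolation options so the safe default survives.
function initFixed(userOptions = {}) {
  return {
    ...DEFAULT_OPTIONS,
    ...userOptions,
    interpolation: { ...DEFAULT_OPTIONS.interpolation, ...(userOptions.interpolation || {}) },
  };
}

// Audit check: escaping is only on when escapeValue is strictly true.
function isEscapingEnabled(options) {
  return options.interpolation.escapeValue === true;
}

// Substitute {{key}} placeholders, escaping only when escapeValue is truthy.
function interpolate(template, values, options) {
  const { prefix, suffix, escapeValue } = options.interpolation;
  const re = new RegExp(escapeRegExp(prefix) + '\\s*(\\w+)\\s*' + escapeRegExp(suffix), 'g');
  return template.replace(re, (_, key) => {
    const v = values[key] === undefined ? '' : values[key];
    return escapeValue ? escapeHtml(v) : String(v);
  });
}
```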