GMS-2017-118: Cross-Site Scripting

March 14, 2017

Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser.

References

github.com/i18next/i18next/pull/443

Detect and mitigate GMS-2017-118 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →