CVE-2024-21528: node-gettext vulnerable to Prototype Pollution

September 10, 2024 (updated November 18, 2024)

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.

References

github.com/advisories/GHSA-g974-hxvm-x689
github.com/alexanderwallin/node-gettext
github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js
nvd.nist.gov/vuln/detail/CVE-2024-21528
security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943

Code Behaviors & Features

Detect and mitigate CVE-2024-21528 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →