CVE-2025-27597: Vue I18n Allows Prototype Pollution in `handleFlatJson`
(updated )
Vulnerability type: Prototype Pollution
Vulnerability Location(s):
References
- github.com/advisories/GHSA-p2ph-7g93-hw3m
- github.com/intlify/vue-i18n
- github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a
- github.com/intlify/vue-i18n/commit/d21e06a7440eed8ada7f522b22fcf830b98d3a53
- github.com/intlify/vue-i18n/commit/fbda9988d3ddd3a1a21740d506d2c183d6b6e36a
- github.com/intlify/vue-i18n/commit/feaf13fcff427f2cb1d5ec8076e639506ba28f9e
- github.com/intlify/vue-i18n/releases/tag/v10.0.6
- github.com/intlify/vue-i18n/releases/tag/v11.1.2
- github.com/intlify/vue-i18n/releases/tag/v9.14.3
- github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m
- nvd.nist.gov/vuln/detail/CVE-2025-27597
Code Behaviors & Features
Detect and mitigate CVE-2025-27597 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →