The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special characters (e.g., __proto__ ), which can lead to unintended modification of the JavaScript Object prototype. This vulnerability may allow a remote attacker to inject properties into the global object prototype via specially crafted message input, potentially causing denial of service or other undefined behaviors in applications using the affected component.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HOpenjsf Messageformat
APPOpenjsf< 2.3.0
Powiązane podatności
WebdriverIO: command injection w orkiestracji testów prowadzący do RCE
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family U...
nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the con...
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitte...
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its n...