Home > Vulnerability Database > CVE-2024-52809

Mend.io Vulnerability Database

CVE-2024-52809

Good to know:

Date: November 29, 2024

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to "createI18n" or "useI18n". When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: TYPE_SCRIPT

Severity Score

6.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52809

Url: https://github.com/intlify/vue-i18n

Url: https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d

Url: https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411

Url: https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v

Url: https://www.mend.io/vulnerability-database/CVE-2024-52809

Severity Score

6.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version @intlify/core-base - 9.14.2;@intlify/core-base - 10.0.5;petite-vue-i18n - 10.0.5;@intlify/vue-i18n-core - 9.14.2;@intlify/vue-i18n-core - 10.0.5;vue-i18n - 9.14.2;vue-i18n - 10.0.5;@intlify/core - 10.0.5;@intlify/core - 9.14.2;vue-i18n - 9.14.2;vue-i18n - 10.0.5

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52809

Good to know:

Date: November 29, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?