
8 vulnerabilities found for vue-i18n by intlify

CVE-2025-53892 (GCVE-0-2025-53892)

Vulnerability from cvelistv5 – Published: 2025-07-16 13:42 – Updated: 2025-07-22 14:58
Title
Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror
Summary
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails to prevent execution of certain tag-based payloads, such as <img src=x onerror=...>, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. Versions 9.14.5, 10.0.8, and 11.1.0 contain a fix for the issue. Note: the reference list in this record links the v11.1.10 release tag, not v11.1.0, so confirm the fixed 11.x version against the linked advisory before relying on the stated range.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.0.0, < 9.14.5
Affected: >= 10.0.0, < 10.0.8
Affected: >= 11.0.0, < 11.1.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53892",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T14:58:31.075680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T14:58:34.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.14.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails to prevent execution of certain tag-based payloads, such as \u003cimg src=x onerror=...\u003e, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. Versions 9.14.5, 10.0.8, and 11.1.0 contain a fix for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T13:42:09.383Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/pull/2229",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/pull/2229"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/pull/2230",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/pull/2230"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/releases/tag/v10.0.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/releases/tag/v10.0.8"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/releases/tag/v11.1.10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/releases/tag/v11.1.10"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/releases/tag/v9.14.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/releases/tag/v9.14.5"
        }
      ],
      "source": {
        "advisory": "GHSA-x8qp-wqqm-57ph",
        "discovery": "UNKNOWN"
      },
      "title": "Intlify Vue I18n\u0027s escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53892",
    "datePublished": "2025-07-16T13:42:09.383Z",
    "dateReserved": "2025-07-11T19:05:23.825Z",
    "dateUpdated": "2025-07-22T14:58:34.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27597 (GCVE-0-2025-27597)

Vulnerability from cvelistv5 – Published: 2025-03-07 15:51 – Updated: 2025-03-07 18:00
Title
Vue I18n Prototype Pollution in `handleFlatJson`
Summary
Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.1.0, < 9.14.3
Affected: >= 10.0.0-alpha.1, < 10.0.6
Affected: >= 11.0.0-beta.0, < 11.1.2

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27597",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T17:59:31.416534Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T18:00:10.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.1.0, \u003c 9.14.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0-alpha.1, \u003c 10.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0-beta.0, \u003c 11.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application\u0027s context."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T15:51:39.753Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a"
        }
      ],
      "source": {
        "advisory": "GHSA-p2ph-7g93-hw3m",
        "discovery": "UNKNOWN"
      },
      "title": "Vue I18n Prototype Pollution in `handleFlatJson`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27597",
    "datePublished": "2025-03-07T15:51:39.753Z",
    "dateReserved": "2025-03-03T15:10:34.078Z",
    "dateUpdated": "2025-03-07T18:00:10.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52810 (GCVE-0-2024-52810)

Vulnerability from cvelistv5 – Published: 2024-11-29 18:36 – Updated: 2024-12-03 14:06
Title
Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4
Summary
@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.7.0, < 9.14.2
Affected: >= 10.0.0, < 10.0.5

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intlify:vue-i18n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vue-i18n",
            "vendor": "intlify",
            "versions": [
              {
                "lessThanOrEqual": "9.7.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "9.14.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "10.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52810",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T14:04:45.075483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T14:06:41.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.7.0,  \u003c 9.14.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application\u0027s context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T18:36:08.638Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d"
        }
      ],
      "source": {
        "advisory": "GHSA-hjwq-mjwj-4x6c",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype Pollution in @intlify/shared \u003e=9.7.0 \u003c= 10.0.4"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52810",
    "datePublished": "2024-11-29T18:36:08.638Z",
    "dateReserved": "2024-11-15T17:11:13.443Z",
    "dateUpdated": "2024-12-03T14:06:41.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52809 (GCVE-0-2024-52809)

Vulnerability from cvelistv5 – Published: 2024-11-29 18:32 – Updated: 2024-12-02 22:24
Title
Cross-site Scripting vulnerability with prototype pollution in vue-i18n
Summary
vue-i18n is an internationalization plugin for Vue.js. In affected versions, locale messages can be passed to vue-i18n through `createI18n` or `useI18n`. When locale message ASTs are generated in development mode, there is a possibility of a Cross-site Scripting attack. This issue has been addressed in versions 9.14.2 and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: < 9.14.2
Affected: >= 10.0.0, < 10.0.5

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intlify:vue-i18n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vue-i18n",
            "vendor": "intlify",
            "versions": [
              {
                "lessThan": "9.14.2",
                "status": "affected",
                "version": "9.3.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.0.5",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52809",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T22:20:32.771387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T22:24:19.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.14.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vue-i18n  is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T18:32:36.527Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d"
        }
      ],
      "source": {
        "advisory": "GHSA-9r9m-ffp6-9x4v",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site Scripting vulnerability with prototype pollution in vue-i18n"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52809",
    "datePublished": "2024-11-29T18:32:36.527Z",
    "dateReserved": "2024-11-15T17:11:13.443Z",
    "dateUpdated": "2024-12-02T22:24:19.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53892 (GCVE-0-2025-53892)

Vulnerability from nvd – Published: 2025-07-16 13:42 – Updated: 2025-07-22 14:58
Title
Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror
Summary
Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails to prevent execution of certain tag-based payloads, such as <img src=x onerror=...>, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. Versions 9.14.5, 10.0.8, and 11.1.0 contain a fix for the issue. Note: the reference list in this record links the v11.1.10 release tag, not v11.1.0, so confirm the fixed 11.x version against the linked advisory before relying on the stated range.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.0.0, < 9.14.5
Affected: >= 10.0.0, < 10.0.8
Affected: >= 11.0.0, < 11.1.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53892",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T14:58:31.075680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T14:58:34.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.14.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails to prevent execution of certain tag-based payloads, such as \u003cimg src=x onerror=...\u003e, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. Versions 9.14.5, 10.0.8, and 11.1.0 contain a fix for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T13:42:09.383Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/pull/2229",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/pull/2229"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/pull/2230",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/pull/2230"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/releases/tag/v10.0.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/releases/tag/v10.0.8"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/releases/tag/v11.1.10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/releases/tag/v11.1.10"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/releases/tag/v9.14.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/releases/tag/v9.14.5"
        }
      ],
      "source": {
        "advisory": "GHSA-x8qp-wqqm-57ph",
        "discovery": "UNKNOWN"
      },
      "title": "Intlify Vue I18n\u0027s escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53892",
    "datePublished": "2025-07-16T13:42:09.383Z",
    "dateReserved": "2025-07-11T19:05:23.825Z",
    "dateUpdated": "2025-07-22T14:58:34.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27597 (GCVE-0-2025-27597)

Vulnerability from nvd – Published: 2025-03-07 15:51 – Updated: 2025-03-07 18:00
Title
Vue I18n Prototype Pollution in `handleFlatJson`
Summary
Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. The affected ranges listed for this record end at 9.14.3, 10.0.6 and 11.1.2, so those are the first releases outside the affected range on each release line.
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.1.0, < 9.14.3
Affected: >= 10.0.0-alpha.1, < 10.0.6
Affected: >= 11.0.0-beta.0, < 11.1.2

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27597",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T17:59:31.416534Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T18:00:10.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.1.0, \u003c 9.14.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0-alpha.1, \u003c 10.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0-beta.0, \u003c 11.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application\u0027s context."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T15:51:39.753Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a"
        }
      ],
      "source": {
        "advisory": "GHSA-p2ph-7g93-hw3m",
        "discovery": "UNKNOWN"
      },
      "title": "Vue I18n Prototype Pollution in `handleFlatJson`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27597",
    "datePublished": "2025-03-07T15:51:39.753Z",
    "dateReserved": "2025-03-03T15:10:34.078Z",
    "dateUpdated": "2025-03-07T18:00:10.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52810 (GCVE-0-2024-52810)

Vulnerability from nvd – Published: 2024-11-29 18:36 – Updated: 2024-12-03 14:06
Title
Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4
Summary
@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2 and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: >= 9.7.0, < 9.14.2
Affected: >= 10.0.0, < 10.0.5

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intlify:vue-i18n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vue-i18n",
            "vendor": "intlify",
            "versions": [
              {
                "lessThanOrEqual": "9.7.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "9.14.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "10.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52810",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T14:04:45.075483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T14:06:41.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.7.0,  \u003c 9.14.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application\u0027s context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T18:36:08.638Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d"
        }
      ],
      "source": {
        "advisory": "GHSA-hjwq-mjwj-4x6c",
        "discovery": "UNKNOWN"
      },
      "title": "Prototype Pollution in @intlify/shared \u003e=9.7.0 \u003c= 10.0.4"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52810",
    "datePublished": "2024-11-29T18:36:08.638Z",
    "dateReserved": "2024-11-15T17:11:13.443Z",
    "dateUpdated": "2024-12-03T14:06:41.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52809 (GCVE-0-2024-52809)

Vulnerability from nvd – Published: 2024-11-29 18:32 – Updated: 2024-12-02 22:24
Title
Cross-site Scripting vulnerability with prototype pollution in vue-i18n
Summary
vue-i18n is an internationalization plugin for Vue.js. In affected versions, locale messages can be passed to vue-i18n through `createI18n` or `useI18n`. When locale message ASTs are generated in development mode, a Cross-site Scripting attack is possible. This issue has been addressed in versions 9.14.2 and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
intlify vue-i18n Affected: < 9.14.2
Affected: >= 10.0.0, < 10.0.5

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intlify:vue-i18n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vue-i18n",
            "vendor": "intlify",
            "versions": [
              {
                "lessThan": "9.14.2",
                "status": "affected",
                "version": "9.3.0",
                "versionType": "custom"
              },
              {
                "lessThan": "10.0.5",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52809",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T22:20:32.771387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T22:24:19.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vue-i18n",
          "vendor": "intlify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.14.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vue-i18n  is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T18:32:36.527Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411"
        },
        {
          "name": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d"
        }
      ],
      "source": {
        "advisory": "GHSA-9r9m-ffp6-9x4v",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site Scripting vulnerability with prototype pollution in vue-i18n"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52809",
    "datePublished": "2024-11-29T18:32:36.527Z",
    "dateReserved": "2024-11-15T17:11:13.443Z",
    "dateUpdated": "2024-12-02T22:24:19.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}