1
Candidate: CVE-2017-16010
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16010
5
https://github.com/i18next/i18next/pull/826
6
https://nodesecurity.io/advisories/326
8
i18next is a language translation framework. When using the .init method,
9
passing interpolation options without passing an escapeValue will default
10
to undefined rather than the assumed true. This can result in a cross-site
11
scripting vulnerability because user input is assumed to be escaped, but is
12
not. This vulnerability affects i18next 2.0.0 and later.
21
Patches_libjs-i18next:
22
upstream_libjs-i18next: needs-triage
23
precise/esm_libjs-i18next: DNE
24
trusty_libjs-i18next: DNE
25
xenial_libjs-i18next: needs-triage
26
artful_libjs-i18next: needs-triage
27
bionic_libjs-i18next: needs-triage
28
devel_libjs-i18next: needs-triage