cvedb.io
CVE-2024-43370
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2024-08-16T02:15:17.487 · Last modified 2026-06-17T07:50:54.177

Summary

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.