npm

Severity: high

Denial of Service and Content Injection

i18n-node-angular

Overview

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions.

Remediation

Update to version 1.4.0 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jan 25th, 2016
  2. reported

    Initial report by Garth Boyd
    Jan 25th, 2016