Neverending Plethora of Modules
i18n-node-angular

Denial of Service and Content Injection

Severity: high

Overview

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions.

Remediation

Update to version 1.4.0 or later.

Vulnerable versions

0.2.0
5 years ago
0.3.0
4 years ago
0.3.1
4 years ago
0.3.2
4 years ago
1.1.3
4 years ago
1.2.0
4 years ago
1.2.1
4 years ago
1.3.0
4 years ago
1.3.2
3 years ago
1.3.3
3 years ago
1.3.4
3 years ago
1.3.5
3 years ago

Unaffected versions

0.2.0-beta1
5 years ago
0.2.0-beta2
5 years ago
1.4.0
3 years ago
2.0.0
a year ago
2.0.1
a year ago

Resources

Advisory timeline

  1. Published

    Advisory published
    Jan 25th, 2016
  2. Reported

    Initial report by Garth Boyd
    Jan 25th, 2016