CVE-2016-10524 — Denial of Service and Content Injection in i18n-node-angular

Description

Versions of `i18n-node-angular` prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. ## Recommendation Update to version 1.4.0 or later.

How to fix CVE-2016-10524

To remediate CVE-2016-10524, upgrade the affected package to a fixed version below.

—upgrade to 1.4.0 or later

Is CVE-2016-10524 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.4.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.2	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

References (5)

ADVISORYgithub.com/advisories/GHSA-97gv-3p2c-xw7j
ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-10524
PATCHgithub.com/oliversalzburg/i18n-node-angular
WEBgithub.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8