Denial of Service and Content Injection

Module: i18n-node-angular

Published: January 25th, 2016

Reported by: Garth Boyd

CVE-NONE

CWE-730

Vulnerable: <1.4.0
Patched: >=1.4.0

Overview

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions.

Remediation

Update to version 1.4.0 or later.

References

Commit #877720d