CNNVD-202509-3792 Information

CNNVD ID

CNNVD-202509-3792

CVE-2025-57349

  • CNNVD Published: 2025-09-24

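Description (translated from Chinese)

messageformat is an open-source ICU message format and Unicode message format library for JavaScript, maintained by the messageformat project. Versions of messageformat before 2.3.0 contain a security vulnerability that stems from improper handling of nested message keys containing special characters. This may lead to prototype pollution and, in turn, denial of service or other undefined behavior.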

Description (English)

Messageformat is an ICU message format and Unicode message format library for JavaScript. Versions of messageformat before 2.3.0 contain a security vulnerability caused by improper handling of nested message keys that contain special characters, which may lead to prototype pollution, resulting in denial of service or other undefined behaviour.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Meta Spark

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/messageformat/messageformat/issues/452

Patch

https://github.com/messageformat/messageformat/releases
