This affects the package i18n before version 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
{ "nvd_published_at": "2020-12-11T17:15:00Z", "github_reviewed_at": "2020-12-14T19:48:58Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-20", "CWE-400" ] }