GHSA-hfvc-g252-rp4g

Suggest an improvement
Source
https://github.com/advisories/GHSA-hfvc-g252-rp4g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/12/GHSA-hfvc-g252-rp4g/GHSA-hfvc-g252-rp4g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hfvc-g252-rp4g
Aliases
Published
2020-12-14T19:50:22Z
Modified
2023-11-08T04:04:10.700134Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of Service in i18n
Details

This affects the package i18n before version 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.

Database specific
{
    "nvd_published_at": "2020-12-11T17:15:00Z",
    "github_reviewed_at": "2020-12-14T19:48:58Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20",
        "CWE-400"
    ]
}
References

Affected packages

NuGet / i18n

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.15

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5-candidate
1.0.5
1.0.6
1.0.7
1.0.8

2.*

2.1.0
2.1.1
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10-pre000
2.1.10-pre005
2.1.10-pre006
2.1.10-pre011
2.1.10
2.1.11-pre000
2.1.11-pre001
2.1.11-pre002
2.1.11
2.1.12-pre001
2.1.13
2.1.14
2.1.15-pre000