[GHSA-p2ph-7g93-hw3m] Vue I18n Allows Prototype Pollution in handleFlatJson

[G-Rath]

Updates

• Affected products
• CVSS v4
• Severity

Comments
patch version was incorrect, and apparently the severity string was too (according to the form 🤷)

[github]

Hi there @kazupon! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[Copilot]

Pull request overview

This pull request updates the OSV advisory entry for GHSA-p2ph-7g93-hw3m (Vue I18n prototype pollution in handleFlatJson) to reflect corrected metadata and impact information.

Changes:

• Updated the advisory’s modified timestamp to reflect the latest upstream modification time.
• Adjusted the CVSS v4 vector string and raised database_specific.severity to CRITICAL.
• Corrected the affected version range for @intlify/vue-i18n-core (10.x line) so the fix is recorded as 10.0.6 and removed the now-redundant last_known_affected_version_range field for that range.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.