CVE-2024-29042

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29042
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29042.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-29042
Aliases
Related
Published
2024-03-22T17:15:07Z
Modified
2025-07-02T00:30:03.254796Z
Summary
[none]
Details

Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the translate function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The opt.id parameter allows the overwriting of the cache key. If an attacker sets the id variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.

References

Affected packages

Git / github.com/franciscop/translate

Affected ranges

Type
GIT
Repo
https://github.com/franciscop/translate
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0
1.0.1
1.0.2

v1.*

v1.0.3
v1.0.4
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1

v2.*

v2.0.0
v2.0.1
v2.0.2