CVE-2024-29042
CVSS V2 None
CVSS V3 None
Description
Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.
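The cache-key override described above, as an added example: a toy model of a shared translation cache, not code from the translate package. `fakeEngine`, `makeTranslator`, `replay`, the key layout and the sample strings are all constructed for illustration, and ignoring the caller-supplied `id` is one possible hardening, not necessarily the change made in version 3.0.0.

```javascript
// Toy model of a shared translation cache; NOT the translate package's code.
// fakeEngine, makeTranslator, replay and the key layout are assumptions.

// Stand-in for the remote translation engine (constructed, deterministic).
function fakeEngine(text, to) {
  return `[${to}] ${text}`;
}

// Build a translator around one shared cache. With honorCallerId = true the
// caller's opts.id replaces the derived cache key (the behaviour the
// description attributes to versions before 3.0.0); with false the key is
// always derived from the request itself.
function makeTranslator(honorCallerId) {
  const cache = new Map();

  // Unambiguous encoding of every field that determines the result.
  function deriveKey(text, opts) {
    return JSON.stringify([opts.from || "en", opts.to, text]);
  }

  function translate(text, opts) {
    const key = honorCallerId && opts.id ? opts.id : deriveKey(text, opts);
    if (cache.has(key)) return cache.get(key);
    const result = fakeEngine(text, opts.to);
    cache.set(key, result);
    return result;
  }

  return { translate, deriveKey };
}

// Replay the same two requests against either variant: first a caller who
// sets `id` to the key another user's request would generate, then that
// other user's ordinary request. Returns what the second user is served.
function replay(honorCallerId) {
  const t = makeTranslator(honorCallerId);
  const userOpts = { from: "en", to: "es" };
  const userKey = t.deriveKey("Pay invoice 42", userOpts);
  t.translate("Ignore invoice 42", { from: "en", to: "es", id: userKey });
  return t.translate("Pay invoice 42", userOpts);
}

console.log("id honored:", replay(true));
console.log("id ignored:", replay(false));
```

When reviewing an application that depends on an affected version, the thing to look for is any path where request-controlled data reaches the options object passed to `translate`.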
Overview
- CVE ID: CVE-2024-29042
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-03-22T16:46:21.456Z
- Last Modified Date: 2024-03-22T16:46:21.456Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj | x_refsource_CONFIRM |
https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4 | x_refsource_MISC |
https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-29042 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29042 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 02:44:22 | | | | Added to TrackCVE |