Home > Vulnerability Database > CVE-2024-29042

Mend.io Vulnerability Database

CVE-2024-29042

Good to know:

Date: March 22, 2024

Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the "translate" function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The "opt.id" parameter allows the overwriting of the cache key. If an attacker sets the "id" variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.

Language: JS

Severity Score

5.3

Related Resources (6)

Url: https://github.com/franciscop/translate

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29042

Url: https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj

Url: https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4

Url: https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3

Url: https://www.mend.io/vulnerability-database/CVE-2024-29042

Severity Score

5.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version translate - 3.0.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29042

Good to know:

Date: March 22, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?