Description
An attacker controlling the second variable of the translate function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users.
Recommendation
Update the translate package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.0.0
- Patched version(s): 3.0.0
References
Related Issues
- Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning - CVE-2026-46342
- Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed - CVE-2026-41322
- sanitize-html Information Exposure vulnerability - CVE-2024-21501
- mapshaper Path Traversal vulnerability - CVE-2024-1163
You might also like:
- Tags:
- npm
- translate
Anything's wrong? Let us know Last updated on March 22, 2024