google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability

Severity:: Low

Description

A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local resources.

Recommendation

Update the google-translate-api-browser package to the latest compatible version. Followings are version details:

Affected version(s): < 4.1.0
Patched version(s): 4.1.0

References

GHSA-4233-7q5q-m7p6
CVE-2023-48711
CWE-918
CAPEC-310
OWASP 2021-A10
OWASP 2021-A6

Related Issues

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability - CVE-2025-15104
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability - CVE-2024-32964
Server-Side Request Forgery (SSRF) in vriteio/vrite - CVE-2023-5572
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability - CVE-2025-59155

Tags:: npm; google-translate-api-browser

Anything's wrong? Let us know Last updated on November 27, 2023