google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
- Severity: Low
Description
A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local resources.
Recommendation
Update the google-translate-api-browser package to the latest compatible version. Version details:
- Affected version(s): < 4.1.0
- Patched version(s): 4.1.0
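Where translateOptions must stay user-controllable, the application can also validate the options before they reach the package. The following is an added example, not code from the package or from this advisory; the function names, the `ALLOWED_TLDS` set, the language-code pattern and the `https://translate.google.<tld>` URL shape are assumptions for illustration.

```javascript
// Added example: allowlist validation of user-supplied translate options.
// ALLOWED_TLDS is an assumed set; list only the TLDs your application supports.
const ALLOWED_TLDS = new Set(["com", "co.uk", "de", "fr"]);
// Assumed shape of a language code: "auto", "de", "zh-CN", ...
const LANG_CODE = /^(auto|[a-z]{2,3}(-[A-Za-z]{2,4})?)$/;
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a fresh object holding only validated, known fields.
function sanitizeTranslateOptions(untrusted) {
  const input = untrusted !== null && typeof untrusted === "object" ? untrusted : {};
  const safe = {};
  for (const key of ["from", "to"]) {
    if (!has(input, key)) continue;
    if (typeof input[key] !== "string" || !LANG_CODE.test(input[key])) {
      throw new RangeError(`invalid ${key}`);
    }
    safe[key] = input[key];
  }
  if (has(input, "tld")) {
    // Exact-match allowlist: no pattern matching, no partial matches.
    if (typeof input.tld !== "string" || !ALLOWED_TLDS.has(input.tld)) {
      throw new RangeError("tld not in allowlist");
    }
    safe.tld = input.tld;
  }
  return safe; // unknown fields sent by the client are dropped
}

// Defense in depth: check a URL by parsing it, never by string comparison.
// The expected host form translate.google.<tld> is an assumption here.
function isExpectedHost(urlString, tld) {
  let parsed;
  try {
    parsed = new URL(urlString);
  } catch {
    return false; // not a parseable absolute URL
  }
  return parsed.protocol === "https:" &&
    parsed.hostname === `translate.google.${tld}` &&
    parsed.username === "" && parsed.password === "" && parsed.port === "";
}
```

Call `sanitizeTranslateOptions` on the request body and pass only its return value to the package. Use `isExpectedHost` on any URL the application hands back to a client or fetches itself.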
- Tags: npm, google-translate-api-browser
Last updated on November 27, 2023