3 matches found
@rigorous/google-translate (=1.0.13), breadbutter-js (=4.6.0) +2 more potentially affected by CVE-2023-48711 via google-translate-api-browser (>=1.1.521 <=3.0.1)
google-translate-api-browser NPM version =1.1.521, =1.6.0, =0.1.2, =0.1.5 Source cves: CVE-2023-48711 Source advisory: OSV:GHSA-4233-7Q5Q-M7P6...
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
CVE-2023-48711
CVE-2023-48711 corresponds to a Server-Side Request Forgery (SSRF) in google-translate-api-browser. The vulnerability arises when applications expose translateOptions to end users; the translateOptions.tld field is not properly sanitized before embedding in the Google Translate URL, enabling an a...