{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T14:10:27.953","vulnerabilities":[{"cve":{"id":"CVE-2024-29042","sourceIdentifier":"security-advisories@github.com","published":"2024-03-22T17:15:07.990","lastModified":"2025-12-05T20:05:22.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue."},{"lang":"es","value":"Translate es un paquete que permite a los usuarios convertir texto a diferentes idiomas en Node.js y el navegador. Antes de la versión 3.0.0, un atacante que controlaba la segunda variable de la función \"traducir\" podía realizar un ataque de envenenamiento de caché. Pueden cambiar el resultado de las solicitudes de traducción realizadas por usuarios posteriores. El parámetro `opt.id` permite sobrescribir la clave de caché. Si un atacante establece la variable `id` en la clave de caché que generaría otro usuario, puede elegir la respuesta que recibirá ese usuario. La versión 3.0.0 soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:francisco:translate:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"BF5066B0-2744-4C94-A51D-4A2A944E925A"}]}]}],"references":[{"url":"https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}