Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Translate Cache Poisoning Vulnerability
Vulnerability Description
Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Francisco Translate 安全漏洞
Vulnerability Description
Francisco Translate是一个用于在浏览器或Node.js上翻译文本的库。 Francisco Translate 3.0.0之前版本存在安全漏洞。攻击者利用该漏洞能够执行缓存中毒攻击。
CVSS Information
N/A
Vulnerability Type
N/A