{ "schema_version": "1.4.0", "id": "GHSA-882j-4vj5-7vmj", "modified": "2024-03-22T20:02:15Z", "published": "2024-03-22T16:57:21Z", "aliases": [ "CVE-2024-29042" ], "summary": "Cache Poisoning Vulnerability", "details": "### Summary\nAn attacker controlling the second argument of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users.\n\n### Details\nThe `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served.\n\n### PoC\nTake the following simple server allowing users to supply text and the language to translate to.\n```javascript\nimport translate from \"translate\";\nimport express from 'express';\n\nconst app = express();\napp.use(express.json());\n\napp.post('/translate', async (req, res) => {\n const { text, language } = req.body;\n const result = await translate(text, language);\n return res.json(result);\n});\n\nconst port = 3000;\napp.listen(port, () => {\n console.log(`Server is running on port ${port}`);\n});\n```\n\nWe can send the following request to poison the cache:\n```\n{\"text\":\"I hate you\", \"language\":{\"to\":\"nl\",\"id\":\"undefined:en:nl:google:I love you\"}}\n```\n![Poisoning the cache](https://user-images.githubusercontent.com/44903767/285421743-ccfa3d9d-24cf-47b7-b805-0e4034cec82e.png)\n\nNow, any user who attempts to translate \"I love you\" to Dutch will get \"I hate you\" in Dutch as the response.\n![The victim gets our poisoned data](https://user-images.githubusercontent.com/44903767/285422033-b3853ca2-8a5a-4875-91e8-ba2ef0258bc6.png)\n\n### Impact\nAn attacker can control the results other users may get.\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "translate" }, "ranges": [ {
"type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.0.0" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29042" }, { "type": "WEB", "url": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4" }, { "type": "WEB", "url": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3" }, { "type": "PACKAGE", "url": "https://github.com/franciscop/translate" } ], "database_specific": { "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-22T16:57:21Z", "nvd_published_at": "2024-03-22T17:15:07Z" } }