PT-2024-22693 · Unknown · Qtranslate

Pinkdraconian · Published 2024-03-22 · Updated 2024-03-22 · CVE-2024-29042

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Translate versions prior to 3.0.0

Description

The issue allows an attacker controlling the second variable of the translate function to perform a cache poisoning attack, changing the outcome of translation requests made by subsequent users. The opt.id parameter enables the overwriting of the cache key. If an attacker sets the id variable to the cache key that would be generated by another user, they can choose the response that user gets served.

Recommendations

For versions prior to 3.0.0, update to version 3.0.0 to fix the issue. As a temporary workaround, consider restricting access to the opt.id parameter to prevent cache key overwriting. Avoid using the id variable in the translate function until the issue is resolved.
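The following sketch is an added example, not code from the affected library or from this advisory. It models the flaw described above next to a hardened variant that ignores a caller-supplied id. The function names, the `from:to:text` key format and the stub engine are assumptions made for illustration.

```javascript
// Simplified model of the flaw (constructed for illustration; not the library's source).
// fakeEngine is a hypothetical stand-in for a remote translation backend.
const fakeEngine = (text, to) => `[${to}] ${text}`;

// Assumed default cache key format for this example.
const defaultKey = (text, o) => `${o.from}:${o.to}:${text}`;

// Vulnerable shape: a caller-supplied opts.id replaces the derived cache key,
// so whoever controls opts decides which cache slot the result is stored in.
function translateVulnerable(cache, text, opts = {}) {
  const o = { from: "en", to: "es", ...opts };
  const key = o.id || defaultKey(text, o);
  if (cache.has(key)) return cache.get(key);
  const result = fakeEngine(text, o.to);
  cache.set(key, result);
  return result;
}

// Hardened shape: the key is derived only from the inputs that determine the
// result, and opts.id is ignored. JSON.stringify over an array also removes
// delimiter ambiguity between the fields.
function translateHardened(cache, text, opts = {}) {
  const o = { from: "en", to: "es", ...opts };
  const key = JSON.stringify([o.from, o.to, text]);
  if (cache.has(key)) return cache.get(key);
  const result = fakeEngine(text, o.to);
  cache.set(key, result);
  return result;
}

// Returns what a later user receives for "hello" after an earlier request
// supplied that user's cache key as opts.id (sample values are constructed).
function laterUserResult(translate) {
  const cache = new Map();
  const laterKey = defaultKey("hello", { from: "en", to: "es" });
  translate(cache, "unrelated text", { id: laterKey });
  return translate(cache, "hello");
}

console.log("vulnerable:", laterUserResult(translateVulnerable));
console.log("hardened:  ", laterUserResult(translateHardened));
```

Where upgrading is not yet possible, the same effect as the hardened variant can be approximated by removing `id` from any options object built from untrusted input before it reaches the translate call.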

Weakness Enumeration

Related Identifiers

CVE-2024-29042
GHSA-882J-4VJ5-7VMJ

Affected Products

Qtranslate