{
  "id": "CVE-2023-48711",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-24T17:15:07.563",
  "lastModified": "2023-12-01T20:13:43.540",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/...`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "google-translate-api-browser es un paquete npm que interact\u00faa con la API web del traductor de Google. Una vulnerabilidad de Server-Side Request Forgery (SSRF) est\u00e1 presente en aplicaciones que utilizan el paquete `google-translate-api-browser` y exponen `translateOptions` al usuario final. Un atacante puede configurar un \"tld\" malicioso, lo que hace que la aplicaci\u00f3n devuelva URL no seguras que apunten a recursos locales. El campo `translateOptions.tld` no se sanitiza adecuadamente antes de colocarlo en la URL del traductor de Google. Esto puede permitir que un atacante con control sobre `translateOptions` establezca el `tld` en un payload como `@127.0.0.1`. Esto hace que la URL completa se convierta en `https://translate.google.@127.0.0.1/...`, donde `translate.google.` es el nombre de usuario utilizado para conectarse a localhost. Un atacante puede enviar solicitudes dentro de las redes internas y del host local. Si alguna aplicaci\u00f3n HTTPS estuviera presente en la red interna con una vulnerabilidad explotable mediante una llamada GET, entonces ser\u00eda posible explotarla utilizando esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.1.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4
      },
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cjvnjde:google_translate_api_browser:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.1.3",
              "matchCriteriaId": "A73DA45E-F35C-4348-ACBE-222AA968B50E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/cjvnjde/google-translate-api-browser/commit/33c2eac4a21c6504409e7b06dd16e6346f93d34b",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://github.com/cjvnjde/google-translate-api-browser/security/advisories/GHSA-4233-7q5q-m7p6",
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}