Server-Side Request Forgery (SSRF)
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local resources. The translateOptions.tld field is not properly sanitized before being placed in the Google translate URL. This can …