NODE_GOOGLE_TRANSLATE icon indicating copy to clipboard operation
NODE_GOOGLE_TRANSLATE copied to clipboard

Published 20 hours ago verified publisher icon shikar

found 3 vulnerabilities ( 2 high, 1 critical)

Open zeteticl opened this issue 4 years ago • 1 comments

High Sandbox Breakout / Arbitrary Code Execution

Package safe-eval

Patched in No patch available

Dependency of translation-google

Path translation-google > safe-eval

More info https://npmjs.com/advisories/1033

Critical Sandbox Breakout / Arbitrary Code Execution

Package safe-eval

Patched in No patch available

Dependency of translation-google

Path translation-google > safe-eval

More info https://npmjs.com/advisories/1322

High Prototype Pollution

Package dot-prop

Patched in >=5.1.1

Dependency of translation-google

Path translation-google > configstore > dot-prop

More info https://npmjs.com/advisories/1213

zeteticl avatar Aug 09 '20 08:08 zeteticl

My pull request can fix these: https://github.com/shikar/NODE_GOOGLE_TRANSLATE/pull/4

For now I have been using my own fork: https://github.com/MidSpike/NODE_GOOGLE_TRANSLATE

(You should fork my fork b/c I don't know how much longer I will keep it)

MidSpike avatar Sep 15 '20 14:09 MidSpike