CVE-2024-32466 Information

Description

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user who created the key was missing this scope, so this is only relevant for API keys generated by users permitted translation.view. This vulnerability is fixed in v3.57.2.
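The flaw described above is an authorization check that consulted only the key owner's project permissions and ignored the scopes the API key itself was created with. The following is an added illustration, not Tolgee's code: a constructed model of users, API keys and scopes, with a vulnerable fetch that mirrors the advisory's behaviour beside a fixed fetch that requires the scope to be present in the intersection of the key's scopes and the owner's permissions. The names `User`, `ApiKey`, `effective_scopes`, `fetch_translations_vulnerable` and `fetch_translations_fixed` are assumptions for this example, as is the sample translation data.

```python
from dataclasses import dataclass

# Scope string as used in the advisory.
TRANSLATION_VIEW = "translation.view"


@dataclass(frozen=True)
class User:
    """Hypothetical project member; holds permissions directly on the project."""
    name: str
    project_permissions: frozenset


@dataclass(frozen=True)
class ApiKey:
    """Hypothetical API key; 'scopes' is what the key was explicitly granted."""
    owner: User
    scopes: frozenset


# Constructed sample data standing in for a project's translations.
SAMPLE_TRANSLATIONS = {"en": {"greeting": "Hello"}, "cs": {"greeting": "Ahoj"}}


def effective_scopes(key: ApiKey) -> frozenset:
    """A key may act with a scope only if BOTH the key was granted it
    and its owner still holds the matching project permission."""
    return key.scopes & key.owner.project_permissions


def fetch_translations_vulnerable(key: ApiKey) -> dict:
    """Mirrors the reported defect: only the owner's permissions are
    consulted, so a narrowly scoped key inherits everything the owner can do."""
    if TRANSLATION_VIEW not in key.owner.project_permissions:
        raise PermissionError("owner lacks translation.view")
    return SAMPLE_TRANSLATIONS


def fetch_translations_fixed(key: ApiKey) -> dict:
    """Corrected check: the scope must survive the intersection."""
    if TRANSLATION_VIEW not in effective_scopes(key):
        raise PermissionError("key is not permitted translation.view")
    return SAMPLE_TRANSLATIONS


def can_read(fetch, key: ApiKey) -> bool:
    """True if the given fetch function returns data for this key."""
    try:
        fetch(key)
        return True
    except PermissionError:
        return False


# Owner who is permitted translation.view on the project, but who created a
# key restricted to a different scope (the case the advisory says matters).
VIEWER = User("alice", frozenset({TRANSLATION_VIEW, "keys.view"}))
RESTRICTED_KEY = ApiKey(VIEWER, frozenset({"keys.view"}))

# Owner without translation.view at all: both variants must deny.
NON_VIEWER = User("bob", frozenset({"keys.view"}))
NON_VIEWER_KEY = ApiKey(NON_VIEWER, frozenset({TRANSLATION_VIEW, "keys.view"}))


if __name__ == "__main__":
    print("vulnerable, restricted key:", can_read(fetch_translations_vulnerable, RESTRICTED_KEY))
    print("fixed, restricted key:     ", can_read(fetch_translations_fixed, RESTRICTED_KEY))
    print("fixed, non-viewer's key:   ", can_read(fetch_translations_fixed, NON_VIEWER_KEY))
```

The intersection in `effective_scopes` is the property worth testing for any scoped-credential design: a key that over-claims scopes its owner lacks is denied, and a key that under-claims relative to its owner is held to its own narrower grant.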

Reference

https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc
https://github.com/tolgee/tolgee-platform/commit/f71213925d6f80019f841db0ead9baa7488c1821