VYPR
Low severity2.7NVD Advisory· Published Apr 18, 2024· Updated Jun 17, 2026

CVE-2024-32466

CVE-2024-32466

Description

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to translation.view. This vulnerability is fixed in v3.57.2

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tolgee/Tolgeellm-fuzzy
    Range: >=v3.57.2
  • tolgee/tolgee-platformv5
    Range: < 3.57.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.