Impact
According to the CVE description, the to_pil_image function in Translate Endpoints can be manipulated to cause server‑side request forgery. This flaw allows an attacker to instruct the server to perform arbitrary HTTP requests, potentially reaching internal resources or external addresses. The vulnerability is categorized as CWE‑918, indicating that the application does not properly validate or filter user‑supplied URLs. The impact is limited to the execution of outbound network requests from the server, with no mention of remote code execution or data exfiltration in the provided documentation.
Affected Systems
The affected product is zyddnys manga‑image‑translator, with all releases up to beta‑0.3 impacted as stated in the CVE description. No specific sub‑versions are listed beyond the upper bound, so any release up to the stated version boundary may need review. The vendor is the sole identified publisher in the CNA list.
Risk and Exploitability
From the provided metrics, the CVSS score of 5.3 indicates a moderate severity assessment. The EPSS score of less than 1% suggests a low overall probability of exploitation in the wild. The issue is not present in the CISA KEV catalog, implying that no large‑scale or known high‑profile attacks have been reported. Based on the description, the attack vector is remote through the Translate Endpoints API; no authentication requirement is mentioned, so the function is reachable by any client that can invoke the endpoint.
OpenCVE Enrichment