Description
nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests.
The library allows the user to send many options directly to ofetch. There is no filter on which options are accepted, so the retry logic can be abused to crash the server with a stack overflow.
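One way to enforce the missing filter on the server, as an added example (not nuxt-api-party's own code or its actual patch). It assumes client-supplied options arrive as parsed JSON; the names `sanitizeClientOptions`, `isFlatMap`, `ALLOWED_KEYS`, `ALLOWED_METHODS` and `SERVER_PINNED` are hypothetical, while `retry` and `retryDelay` are real ofetch options.

```javascript
// Added example; all names here are hypothetical, not nuxt-api-party's API.
const ALLOWED_KEYS = new Set(["method", "query", "headers", "body"]);
const ALLOWED_METHODS = new Set(["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"]);
// Options that steer ofetch's behaviour are pinned by the server, never by the client.
const SERVER_PINNED = Object.freeze({ retry: 0 });

// True only for a plain object whose values are all strings, numbers or booleans.
function isFlatMap(value) {
  if (value === null || typeof value !== "object" || Array.isArray(value)) return false;
  return Object.values(value).every((v) => ["string", "number", "boolean"].includes(typeof v));
}

// Returns { options, rejected }: options is safe to hand to the fetch call,
// rejected lists the dropped keys so they can be logged for detection.
function sanitizeClientOptions(input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { options: { ...SERVER_PINNED }, rejected: ["<non-object payload>"] };
  }
  const options = {};
  const rejected = [];
  for (const key of Object.keys(input)) {
    const value = input[key];
    let ok = ALLOWED_KEYS.has(key);
    if (ok && key === "method") {
      ok = typeof value === "string" && ALLOWED_METHODS.has(value.toUpperCase());
    } else if (ok && (key === "query" || key === "headers")) {
      ok = isFlatMap(value);
    }
    if (!ok) {
      rejected.push(key);
      continue;
    }
    options[key] = key === "method" ? value.toUpperCase() : value;
  }
  // Spread the pinned values last so nothing from the client can override them.
  return { options: { ...options, ...SERVER_PINNED }, rejected };
}

// Constructed sample of a client request body, as parsed from JSON.
const sample = JSON.parse(
  '{"method":"post","query":{"page":2},"retry":5,"retryDelay":0,"__proto__":{"retry":5}}'
);
const result = sanitizeClientOptions(sample);
console.log(result.options);
console.log(result.rejected);
```

Logging the `rejected` list gives defenders a signal when clients send option keys the proxy never intended to accept.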
Recommendation
Update the nuxt-api-party package to the latest compatible version. The version details are as follows:
- Affected version(s): < 0.22.1
- Patched version(s): 0.22.1
References
Related Issues
- Path Traversal in general-file-server - CVE-2018-3724
- qs vulnerable to Prototype Pollution - CVE-2022-24999
- Server-Side Request Forgery in axios - CVE-2024-39338
- SSRF & Credentials Leak - CVE-2023-49799
Tags
- npm
- nuxt-api-party
Last updated on December 13, 2023