Vulnerability Description
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johannschopplich | Nuxt Api Party | <= 0.21.3 |
Related Weaknesses (CWE)
References
- https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-q6hxExploitVendor Advisory
- https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-q6hxExploitVendor Advisory
FAQ
What is CVE-2023-49800?
CVE-2023-49800 is a vulnerability with a CVSS score of 7.5 (HIGH). `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse ...
How severe is CVE-2023-49800?
CVE-2023-49800 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49800?
Check the references section above for vendor advisories and patch information. Affected products include: Johannschopplich Nuxt Api Party.