Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-49800
HistoryDec 09, 2023 - 12:15 a.m.

Stack overflow

2023-12-0900:15:00
PRIOn knowledge base
www.prio-n.com
7
nuxt-api-party
denial of service
stack overflow
malicious user
upgrade

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options.

CPENameOperatorVersion
nuxt_api_partyle0.21.3

Related

cvelist 1
veracode 1
nvd 1
cve 1
osv 1
github 1
cvelist
cvelist
CVE-2023-49800 Denial of service by abusing `fetchOptions.retry` in nuxt-api-party
2023-12-08 23:41:55
veracode
veracode
Denial Of Service (DoS)
2023-12-13 18:48:14
nvd
nvd
CVE-2023-49800
2023-12-09 00:15:07
cve
cve
CVE-2023-49800
2023-12-09 00:15:07
osv
osv
DOS by abusing `fetchOptions.retry`.
2023-12-11 20:29:10
github
github
DOS by abusing `fetchOptions.retry`.
2023-12-11 20:29:10

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for PRION:CVE-2023-49800
cvelist1veracode1nvd1cve1osv1github1