3 matches found
CVE-2023-49799 Server-Side Request Forgery in nuxt-api-party
nuxt-api-party is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression ^https?://, however this regular expression can be bypassed by ...
CVE-2023-49799
The CVE-2023-49799 entry concerns the nuxt-api-party module, where a regex-based absolute-URL check (^https?://) can be bypassed by absolute URLs with leading whitespace (e.g., a leading newline). This can allow requests to bypass the whitelist, enabling Server-Side Request Forgery (SSRF) and pot...
CVE-2023-49799 Server-Side Request Forgery in nuxt-api-party
nuxt-api-party is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression ^https?://, however this regular expression can be bypassed by ...