5 matches found
CVE-2023-49800
nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...
CVE-2023-49800
CVE-2023-49800 affects the nuxt-api-party module. The issue arises from passing unfiltered fetchOptions from the request body into ofetch, allowing an attacker to craft a URL and set excessively high retry values, triggering recursive error handling that leads to a stack overflow and DoS. A fix i...
CVE-2023-49800 Denial of service by abusing `fetchOptions.retry` in nuxt-api-party
nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...
CVE-2023-49800 Denial of service by abusing `fetchOptions.retry` in nuxt-api-party
nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...
CVE-2023-49800
creationtimestamp| type| source ---|---|--- 2023-12-08 23:22:29+00:00| published-proof-of-concept| https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-q6hx-3m4p-749h...