5 matches found

OSV
added 2026/06/10 1:39 p.m., 7 views

GHSA-5G86-85RP-F9HX Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary: Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

CVSS 3.5 | AI score 5.6 | EPSS 0.00025
Exploits: 0 | References: 3
OSV
added 2023/12/11 8:29 p.m., 12 views

GHSA-Q6HX-3M4P-749H DOS by abusing `fetchOptions.retry`.

Summary: nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logi...

CVSS 7.5 | AI score 7.6 | EPSS 0.00804
Exploits: 1 | References: 3
Github Security Blog
added 2023/12/11 8:29 p.m., 16 views

DOS by abusing `fetchOptions.retry`.

Summary: nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logi...

CVSS 7.5 | AI score 7.2 | EPSS 0.00804
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2023/12/09 12:15 a.m., 11 views

CVE-2023-49800

nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...

CVSS 7.5 | EPSS 0.00804
Exploits: 1 | References: 1
Cvelist
added 2023/12/08 11:41 p.m., 28 views

CVE-2023-49800 Denial of service by abusing `fetchOptions.retry` in nuxt-api-party

nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...

CVSS 7.5 | AI score 7.7 | EPSS 0.00804
Exploits: 1 | References: 1