4 matches found
DOS by abusing `fetchOptions.retry`.
Summary nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logi...
GHSA-Q6HX-3M4P-749H DOS by abusing `fetchOptions.retry`.
Summary nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. ofetch is used to send the requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logi...
CVE-2023-49800
nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...
CVE-2023-49800 Denial of service by abusing `fetchOptions.retry` in nuxt-api-party
nuxt-api-party is an open source module to proxy API requests. The library allows the user to send many options directly to ofetch. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directl...