CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score: 7.2 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 32.6%)
nuxt-api-party is vulnerable to Cross-Site Request Forgery. The vulnerability exists due to a faulty regular expression in the validation within server.ts, which does not take whitespace into account, allowing an attacker to execute requests that bypass the whitelist, leading to unauthorized access.
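The following is an added example, not code from nuxt-api-party or its advisory: it contrasts a scheme-prefix regex (an assumed shape of the faulty check) with validation performed after URL parsing, which is where leading whitespace gets stripped. The base URL, hostnames and function names are hypothetical.

```javascript
// Added example. BASE and all hostnames are constructed placeholders.
const BASE = new URL('https://api.example.test/v1/');

// Naive guard (assumed shape): flags input only when it *starts* with a scheme.
// Leading whitespace or a protocol-relative "//host" slips past it.
function naiveIsAbsolute(path) {
  return /^https?:\/\//.test(path);
}

// Hardened guard: parse first, validate second. The WHATWG URL parser strips
// leading/trailing C0 control characters and spaces and removes tabs/newlines,
// so the check runs on the same URL the HTTP client would actually request.
function resolveAllowed(path, base = BASE) {
  if (typeof path !== 'string') return null;
  let target;
  try {
    target = new URL(path, base);
  } catch {
    return null; // unparseable input is rejected outright
  }
  if (target.origin !== base.origin) return null;                  // different backend
  if (!target.pathname.startsWith(base.pathname)) return null;     // escaped the API prefix
  return target.href;
}

// Constructed sample inputs covering the whitespace case and close relatives.
const samples = [
  'users/1',
  'https://other.example.test/x',
  ' https://other.example.test/x',
  '\thttps://other.example.test/x',
  '//other.example.test/x',
  '../admin',
];

for (const s of samples) {
  console.log(JSON.stringify(s), 'naive-flagged:', naiveIsAbsolute(s),
    'resolved:', resolveAllowed(s));
}
```

Comparing the parsed origin against the allowed one does not depend on enumerating every whitespace or scheme variant in a pattern.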
CPE Name | Operator | Version |
---|---|---|
nuxt-api-party | le | 0.21.3 |
fetch.spec.whatwg.org/
fetch.spec.whatwg.org/#http-whitespace-byte
github.com/johannschopplich/nuxt-api-party/blob/777462e1e3af1d9f8938aa33f230cd8cb6e0cc9a/src/runtime/server/handler.ts#L31
github.com/johannschopplich/nuxt-api-party/commit/72762a200fc19d997a0f84bce578c28698dc5270
github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-3wfp-253j-5jxv