npm package
nuxt-api-party
pkg:npm/nuxt-api-party
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49799 | — | < 0.22.0 | 0.22.0 | Dec 8, 2023 | `nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expressio | ||
| CVE-2023-49800 | — | < 0.22.1 | 0.22.1 | Dec 8, 2023 | `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions |
- CVE-2023-49799Dec 8, 2023affected < 0.22.0fixed 0.22.0
`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expressio
- CVE-2023-49800Dec 8, 2023affected < 0.22.1fixed 0.22.1
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions