nuxt-api-party@0.10.5 vulnerabilities

Securely connect to any API with a server proxy and generated composables

Direct Vulnerabilities

Known vulnerabilities in the nuxt-api-party package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Server-Side Request Forgery (SSRF)

nuxt-api-party is a Nuxt 3 module to securely connect with any API

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) during the regular expression check for absolute URLs. An attacker can bypass the check and cause the application to send a request to an arbitrary URL by providing an absolute URL with leading whitespace, such as a newline character. This could lead to a credentials leak.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade nuxt-api-party to version 0.22.1 or higher.

Vulnerable versions: <0.22.1
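
An added example (not code from nuxt-api-party or from this advisory) showing why a string-level absolute-URL test misses leading whitespace while the URL parser strips it, and a check that compares the parsed target to the configured base instead. The regex, `BASE_URL`, the host names and the function names are constructed assumptions.

```javascript
// Added example: names, hosts and the regex below are constructed for illustration.
const BASE_URL = 'https://api.example.com/v1/'; // hypothetical upstream API

// Stand-in for an anchored "is it absolute?" test; NOT the module's actual regex.
function naiveIsAbsolute(path) {
  return /^https?:\/\//i.test(path);
}

// Resolve the path with the WHATWG URL parser (the one fetch() uses), then
// compare the parsed result to the configured base instead of the raw string.
// The parser strips leading/trailing whitespace and control characters,
// so "\nhttps://..." is seen here as the absolute URL it really is.
function resolveProxyTarget(path, baseURL = BASE_URL) {
  if (typeof path !== 'string') throw new TypeError('path must be a string');
  const base = new URL(baseURL.endsWith('/') ? baseURL : baseURL + '/');
  // Treat "/users" and "users" alike: both are relative to the base path.
  const target = new URL(path.replace(/^\/+/, ''), base);
  if (target.origin !== base.origin || !target.href.startsWith(base.href)) {
    throw new Error(`refusing to proxy outside ${base.href}`);
  }
  return target.href;
}

function isAllowed(path) {
  try { resolveProxyTarget(path); return true; } catch { return false; }
}

// Constructed inputs: one ordinary path and three that must be refused.
const samples = ['users/42', '\nhttps://evil.example/steal', ' //evil.example/x', '../internal'];
for (const p of samples) {
  console.log(JSON.stringify(p), { naiveIsAbsolute: naiveIsAbsolute(p), allowed: isAllowed(p) });
}
```

The second sample is the case the advisory describes: the string test reports "not absolute", yet the parsed target has a different origin and is refused.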
  • H
Uncontrolled Recursion

Affected versions of this package are vulnerable to Uncontrolled Recursion due to abuse of the retry logic in the ofetch function. An attacker can cause the server to crash from a stack overflow by sending a crafted request with a high number of retry attempts for a URL known to fail.

How to fix Uncontrolled Recursion?

Upgrade nuxt-api-party to version 0.22.1 or higher.

Vulnerable versions: <0.22.1