2.1.0
2 years ago
1 months ago
Known vulnerabilities in the nuxt-api-party package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
nuxt-api-party is a Nuxt 3 module to securely connect with any API Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) during the regular expression check for absolute URLs. An attacker can bypass the check and cause the application to send a request to an arbitrary URL by providing an absolute URL with leading whitespace, such as a newline character. This could lead to a credentials leak. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <0.22.1 |
nuxt-api-party is a Nuxt 3 module to securely connect with any API Affected versions of this package are vulnerable to Uncontrolled Recursion due to an abuse on the retry logic in How to fix Uncontrolled Recursion? Upgrade | <0.22.1 |