nuxt-api-party@0.5.0 vulnerabilities

Securely connect to any API with a server proxy and generated composables

  • latest version

    2.1.0

  • latest non-vulnerable version

  • first published

    2 years ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the nuxt-api-party package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • H
    Server-Side Request Forgery (SSRF)

    nuxt-api-party is a Nuxt 3 module to securely connect with any API

    Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) during the regular expression check for absolute URLs. An attacker can bypass the check and cause the application to send a request to an arbitrary URL by providing an absolute URL with leading whitespace, such as a newline character. This could lead to a credentials leak.

    How to fix Server-Side Request Forgery (SSRF)?

    Upgrade nuxt-api-party to version 0.22.1 or higher.

    Vulnerable versions: <0.22.1
    • H
    Uncontrolled Recursion

    Affected versions of this package are vulnerable to Uncontrolled Recursion due to abuse of the retry logic in the ofetch function. An attacker can cause the server to crash from a stack overflow by sending a crafted request with a high number of retry attempts for a URL known to fail.

    How to fix Uncontrolled Recursion?

    Upgrade nuxt-api-party to version 0.22.1 or higher.

    Vulnerable versions: <0.22.1
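
The SSRF entry above describes a prefix regular expression that misses absolute URLs preceded by whitespace. The following added example (not code from nuxt-api-party or Snyk) shows why such a check disagrees with the WHATWG URL parser and how comparing the resolved origin closes the gap. `BASE_URL`, the function names and the sample paths are constructed, and the weak pattern is an assumed stand-in for the check the advisory describes.

```javascript
// Added example: hosts, names and sample paths are constructed for illustration.
const BASE_URL = "https://api.example.test/v1/"; // hypothetical upstream API

// Weak check (assumed shape): matches only when the scheme is the very first
// character, so any leading whitespace makes the input look relative.
function looksAbsoluteNaive(path) {
  return /^https?:\/\//.test(path);
}

// Hardened check: resolve the path with the same WHATWG URL parser the HTTP
// client will use (it strips leading C0 control characters and spaces), then
// require the result to stay on the configured origin.
function resolveWithinBase(path, base = BASE_URL) {
  let resolved;
  try {
    resolved = new URL(path, base);
  } catch {
    return null; // unparseable input is rejected
  }
  return resolved.origin === new URL(base).origin ? resolved.href : null;
}

// Constructed inputs: one legitimate relative path, one plain absolute URL,
// and three absolute URLs hidden behind leading whitespace.
const SAMPLE_PATHS = [
  "users/1",
  "https://other.example/x",
  "\nhttps://other.example/x",
  "  https://other.example/x",
  "\thttps://other.example/x",
];

// For each input, report what the weak check decides, where the request
// would actually go, and what the hardened check decides.
function audit(paths = SAMPLE_PATHS) {
  return paths.map((p) => ({
    path: JSON.stringify(p),
    naiveBlocks: looksAbsoluteNaive(p),
    resolvedOrigin: new URL(p, BASE_URL).origin,
    hardenedAllows: resolveWithinBase(p) !== null,
  }));
}

console.table(audit());
```

Rows where `naiveBlocks` is false and `resolvedOrigin` is not the base origin are the inputs the weak check lets through; the hardened check rejects all of them.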