CVE-2023-49799

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-49799

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49799.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49799

Aliases

GHSA-3wfp-253j-5jxv

Related

GHSA-3wfp-253j-5jxv

Published

2023-12-09T00:15:07Z

Modified

2025-02-19T03:34:45.938402Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

nuxt-api-party is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression ^https?://, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example \nhttps://whatever.com which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to https://whatever.com bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.

References

Affected packages

Git / github.com/johannschopplich/nuxt-api-party

Affected ranges

Type: GIT
Repo: https://github.com/johannschopplich/nuxt-api-party
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b42ea5724b0593c0f6472364646818b1f787db30

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v0.12.0

v0.13.0

v0.13.1

v0.14.0

v0.14.1

v0.14.2

v0.14.3

v0.15.0

v0.15.1

v0.15.2

v0.15.3

v0.15.4

v0.16.0

v0.16.1

v0.16.2

v0.16.3

v0.16.4

v0.17.0

v0.17.1

v0.18.0

v0.18.1

v0.19.0

v0.2.0

v0.2.1

v0.20.0

v0.20.1

v0.21.0

v0.21.1

v0.21.2

v0.21.3

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4