CVE-2023-49800

Name of the Vulnerable Software and Affected Versions nuxt-api-party versions prior to 0.22.1

Description The issue concerns the nuxt-api-party module, which allows users to proxy API requests. It lacks a filter on options sent to ofetch, enabling the abuse of retry logic to cause a server crash due to a stack overflow. A malicious user can construct a URL that will not fetch successfully, then set the retry attempts to a high value, resulting in a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 0.22.1, upgrade to version 0.22.1 or later to resolve the issue. As a temporary workaround for users unable to upgrade, limit the ofetch options to minimize the risk of exploitation.