CVE-2023-49799— nuxt-api-party 代码问题漏洞

Server-Side Request Forgery in nuxt-api-party

`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

服务端请求伪造(SSRF)

nuxt-api-party 代码问题漏洞

nuxt-api-party是Johann Schopplich个人开发者的一个开源模块，用于代理API请求。 nuxt-api-party 0.21.3版本存在代码问题漏洞，该漏洞源于对URL 检测不严格，带有前导空格的绝对 URL 可以绕过此正则表达式，允许开发人员通过代理对 API 进行请求，而无需向客户端公开凭据。

N/A

N/A