CVE-2023-49799

7.5 HIGH

📋 TL;DR

This vulnerability in nuxt-api-party allows attackers to bypass URL validation by adding leading whitespace before absolute URLs, enabling Server-Side Request Forgery (SSRF). Attackers can force the server to make unauthorized requests to external systems, potentially leaking credentials or accessing internal resources. All users of vulnerable versions are affected.

💻 Affected Systems

Products:
  • nuxt-api-party
Versions: before 0.22.1
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects server-side rendering configurations where nuxt-api-party is used to proxy API requests.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete credential leakage from internal systems, access to cloud metadata services, or internal network reconnaissance leading to further compromise.

🟠 Likely Case

Unauthorized data exfiltration from internal APIs, access to internal services, or credential harvesting from vulnerable endpoints.

🟢 If Mitigated

Limited impact if proper network segmentation and egress filtering are in place, though SSRF vectors remain dangerous.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to control URL parameters passed to nuxt-api-party endpoints. The bypass technique is simple and well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.22.1

Vendor Advisory: https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-3wfp-253j-5jxv

Restart Required: Yes

Instructions:

1. Update package.json to use nuxt-api-party version 0.22.1 or higher.
2. Run npm update nuxt-api-party or yarn upgrade nuxt-api-party.
3. Restart the Nuxt application server.

🔧 Temporary Workarounds

Revert to previous URL validation (platforms: all)

Manually revert to the previous absolute URL detection method used before the vulnerable regex change. Check the commit history and manually apply the previous validation logic.

🧯 If You Can't Patch

  • Implement strict input validation that trims whitespace before URL validation
  • Deploy network egress filtering to restrict outbound connections from the application server
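
One way to implement the first bullet, as an added example that is not nuxt-api-party's own code: instead of trimming by hand, it resolves the input with the WHATWG URL parser (the one behind `new URL` and `fetch`), which ignores leading whitespace, and then compares origins. The base URL, host names, function names and sample inputs are constructed for illustration.

```javascript
// Added example: names and hosts below are constructed, not from nuxt-api-party.
const API_BASE = 'https://api.backend.example/v1/'; // hypothetical configured backend

// Prefix check on the raw string, the kind of test leading whitespace defeats.
function naiveIsAbsolute(path) {
  return /^https?:\/\//.test(path);
}

// Resolve the input with the WHATWG URL parser, which strips leading/trailing
// whitespace and control characters, then require the configured origin.
// Returns the resolved URL string, or null when the input must be rejected.
function resolveOnBase(path, base = API_BASE) {
  if (typeof path !== 'string') return null;
  const baseUrl = new URL(base);
  let target;
  try {
    target = new URL(path, baseUrl);
  } catch {
    return null; // unparsable input is rejected, never forwarded
  }
  return target.origin === baseUrl.origin ? target.href : null;
}

// Constructed sample inputs: a legitimate relative path, a plain absolute URL,
// and whitespace-prefixed forms (newline, carriage return, space).
const SAMPLES = [
  'users/42',
  'https://other.example/x',
  '\nhttps://other.example/x',
  '\rhttps://other.example/x',
  ' https://other.example/x',
];

// Inputs the naive check treats as relative but that leave the configured origin.
function missedByNaive(samples = SAMPLES) {
  return samples.filter((s) => !naiveIsAbsolute(s) && resolveOnBase(s) === null);
}

console.log(missedByNaive().map((s) => JSON.stringify(s)));
```

The same sample list can serve as a regression test when verifying that whitespace-prefixed URLs are rejected after the upgrade.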

🔍 How to Verify

Check if Vulnerable:

Check package.json for nuxt-api-party version. If version is below 0.22.1, the system is vulnerable.

Check Version:

npm list nuxt-api-party or check package.json

Verify Fix Applied:

After updating, verify the version is 0.22.1 or higher and test that URLs with leading whitespace are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the application server
  • Requests to unexpected domains or internal IP ranges

Network Indicators:

  • HTTP requests with leading whitespace in URLs
  • Outbound connections to non-whitelisted domains from the app server

SIEM Query:

source="application_logs" AND (url CONTAINS "\nhttp" OR url CONTAINS "\rhttp" OR url CONTAINS " http")
