CVE-2023-49800: 
JavaScript vulnerability analysis and mitigation

CVE-2023-49800 affects nuxt-api-party, an open source module designed to proxy API requests, in versions up to 0.21.3. The vulnerability was discovered and disclosed on December 8, 2023. The issue lies in the library's handling of API request options, specifically allowing users to send unfiltered options directly to the ofetch component (GitHub Advisory).

The vulnerability stems from the library's direct passing of fetchOptions from the request body to ofetch without proper filtering. This implementation allows attackers to manipulate the retry logic, potentially causing a stack overflow due to ofetch's recursive error handling. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a complete Denial of Service (DoS) condition, rendering the server unusable during an attack. The impact is significant as it requires only a single request to achieve the DoS condition (GitHub Advisory).

The vulnerability has been patched in version 0.22.1. The fix involves limiting which options can be passed to ofetch. Users are strongly advised to upgrade to this version. For those unable to upgrade immediately, it is recommended to implement restrictions on ofetch options (GitHub Advisory).