HIGH 8.1
GHSA-gc34-5v43-h7v8
nuxt Code Injection vulnerability
Details
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-3224 [ADVISORY]
- https://github.com/nuxt/nuxt/issues/21694 [WEB]
- https://github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff [WEB]
- https://github.com/nuxt/nuxt/commit/72ba53efbc2384f802d654fffd92eaf36a81b507 [WEB]
- https://github.com/nuxt/nuxt [PACKAGE]
- https://github.com/nuxt/nuxt/commits/v3.4.3 [WEB]
- https://huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87 [WEB]