Description
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
Recommendation
Update the nuxt package to the latest compatible version. Followings are version details:
- Affected version(s): >= 3.4.0, < 3.4.3
- Patched version(s): 3.4.3
References
Related Issues
- gatsby-transformer-remark has possible unsanitized JavaScript code injection - CVE-2023-22491
- CouchAuth host header injection vulnerability leaks the password reset token - CVE-2023-39655
- squirrelly Code Injection vulnerability - CVE-2024-40453
- systeminformation SSID Command Injection Vulnerability - CVE-2023-42810
You might also like:
- Tags:
- npm
- nuxt
Anything's wrong? Let us know Last updated on November 18, 2024