Description
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
Recommendation
Update the nuxt package to the latest compatible version. Followings are version details:
- Affected version(s): >= 3.4.0, < 3.4.3
- Patched version(s): 3.4.3
References
Related Issues
- Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival - CVE-2025-59414
- Cross-site Scripting in jquery-ui - CVE-2010-5312
- Nuxt allows DOS via cache poisoning with payload rendering response - CVE-2025-27415
- Prototype Pollution in node-forge - CVE-2020-7720
- Tags:
- npm
- nuxt
Anything's wrong? Let us know Last updated on November 18, 2024