Description
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
Recommendation
Update the nuxt package to the latest compatible version. Followings are version details:
- Affected version(s): >= 3.4.0, < 3.4.3
- Patched version(s): 3.4.3
References
Related Issues
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - CVE-2023-22621
- gatsby-transformer-remark has possible unsanitized JavaScript code injection - CVE-2023-22491
- CouchAuth host header injection vulnerability leaks the password reset token - CVE-2023-39655
- chromedriver Command Injection vulnerability - CVE-2023-26156
- Tags:
- npm
- nuxt
Anything's wrong? Let us know Last updated on November 18, 2024