Description
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
Recommendation
Update the nuxt package to the latest compatible version. Followings are version details:
- Affected version(s): >= 3.4.0, < 3.4.3
- Patched version(s): 3.4.3
References
Related Issues
- gatsby-transformer-remark has possible unsanitized JavaScript code injection - CVE-2023-22491
- CouchAuth host header injection vulnerability leaks the password reset token - CVE-2023-39655
- chromedriver Command Injection vulnerability - CVE-2023-26156
- squirrelly Code Injection vulnerability - CVE-2024-40453
- Tags:
- npm
- nuxt
Anything's wrong? Let us know Last updated on November 18, 2024