Vulnerabilities/

Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters

Severity:: Medium

Description

Product: Nuxt OG Image Version: < 6.2.5 CWE-ID: CWE-918: Server-Side Request Forgery

Recommendation

Update the nuxt-og-image package to the latest compatible version. Followings are version details:

Affected version(s): < 6.2.5
Patched version(s): 6.2.5

References

Related Issues

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter - CVE-2025-68150
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter - CVE-2025-58179
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format - CVE-2025-64430
Server side request forgery in SwaggerUI - Vulnerability

You might also like:

Exploiting Server Version Disclosure

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:: npm; nuxt-og-image

Anything's wrong? Let us know Last updated on March 31, 2026