Opening a malicious website while running a Nuxt dev server could allow read-only access to code (GHSA-4gf7-ff8x-hq99)
- Severity:
- Medium
Description
Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site.
Recommendation
Update the @nuxt/webpack-builder package to the latest compatible version. Followings are version details:
- Affected version(s): >= 3.0.0, < 3.15.3
- Patched version(s): 3.15.3
References
Related Issues
- @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking - CVE-2025-25285
- Opening a malicious website while running a Nuxt dev server could allow read-only access to code (GHSA-2452-6xj8-jh47) - CVE-2025-24360
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- Incorrect default cookie name and recommendation - Vulnerability
- Tags:
- npm
- @nuxt/webpack-builder
Anything's wrong? Let us know Last updated on January 27, 2025