Lucene search
GoogleOSV:GHSA-6677-83PP-F862HistoryJul 16, 2019 - 12:42 a.m.
Cross-Site Scripting in @nuxt/devalue
2019-07-1600:42:02
Google
osv.dev
7
EPSS
0.001
Percentile
39.5%
Versions of @nuxt/devalue prior to 1.2.3 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization attacker may inject arbitrary JavaScript code through object keys.
Recommendation
Upgrade to version 1.2.3 or later.
References
github.com/nuxt/devalue/pull/8
github.com/nuxt/devalue/releases/tag/v1.2.3
github.com/nuxt/nuxt.js/commit/0d5dfe71917191c5b07f373896311f2d8f6b75be
github.com/nuxt/nuxt.js/compare/c0776eb...8d14cd4
github.com/nuxt/nuxt.js/releases/tag/v2.6.2
github.com/Rich-Harris/devalue/issues/19
nvd.nist.gov/vuln/detail/CVE-2019-13506
www.npmjs.com/advisories/814
Related
prion
prion
Cross site scripting
2019-07-11 14:15:00
cvelist
cvelist
CVE-2019-13506
2019-07-11 13:07:05
veracode
veracode
Cross-site Scripting (XSS)
2019-04-16 02:39:40
nodejs
nodejs
Cross-Site Scripting
2019-04-10 21:39:21
nvd
nvd
CVE-2019-13506
2019-07-11 14:15:11
osv
osv
CVE-2019-13506
2019-07-11 14:15:11
cve
cve
CVE-2019-13506
2019-07-11 14:15:11
github
github
Cross-Site Scripting in @nuxt/devalue
2019-07-16 00:42:02
githubexploit
githubexploit
Exploit for Cross-site Scripting in Nuxtjs Nuxt.Js
2020-12-01 09:18:57