4 matches found
Nuxt Icon < 1.4.5 Server-Side Request Forgery
Nuxt Icon versions prior to 1.4.5 are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs in the icon fetching functionality. An attacker can exploit this vulnerability by providing a malicious URL that points to an internal or restricted resource,...
Server-Side Request Forgery
@nuxt/icon is vulnerable to Server-Side Request Forgery. The vulnerability is due to improperly parsed proxied request paths in the /api/_nuxt_icon/name endpoint, which lets an attacker change the scheme and host of the request. An attacker can exploit this flaw by passing a path prefixed with...
CVE-2024-42352 Server-Side Request Forgery (SSRF) in nuxt-icon
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client-side icon lookup. This endpoint is at /api/_nuxt_icon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...
PT-2024-29889 · Nuxt · Nuxt
Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 1.4.5. Description: The nuxt/icon API endpoint, located at /api/_nuxt_icon/name, is vulnerable to improper parsing of the proxied request path, allowing an attacker to change the scheme and host of the request. This lead...