2060 matches found
CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...
CVE-2024-23657
CVE-2024-23657 — Nuxt Devtools: The issue is a path traversal vulnerability in Nuxt Devtools via getTextAssetContent, combined with lack of Origin checks on the WebSocket, enabling an attacker to read arbitrary files from the devtools host and, in some configurations, leak the devtools authentica...
@aneoconsultingfr/armonik-docs-theme (>=0.6.4 <=0.6.13), @cssninja/nuxt-media-viewer (>=0.0.4 <=0.0.15) +14 more potentially affected by CVE-2024-23657 via @nuxt/devtools (>=0.1.6 <=1.3.7)
@nuxt/devtools NPM version =0.1.6, =0.6.4, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =2.0.2, =0.2.5, =1.0.0, =0.0.1, =0.0.0-rc.29, =0.0.1, =2.0.0, =2.1.1 and more Source cves: CVE-2024-23657 Source advisory: OSV:GHSA-RCVG-RGF7-PPPV...
GHSA-RCVG-RGF7-PPPV Nuxt Devtools has a Path Traversal: '../filedir'
Summary: Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this...
PT-2024-20006 · Unknown · Nuxt Devtools
Name of the Vulnerable Software and Affected Versions: Nuxt Devtools versions prior to 1.3.9 Description: The issue arises from missing authentication on the getTextAssetContent RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an...
A vulnerability in the DevTools web development toolset of the Google Chrome browser allows an attacker to execute arbitrary code.
The vulnerability in the DevTools web development toolset of the Google Chrome browser is a use of memory after it has been freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially crafted HTML page...
A vulnerability in the DevTools web development toolset of the Google Chrome browser allows an attacker to execute arbitrary code.
The vulnerability in the DevTools web development toolset of the Google Chrome browser is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially crafted HTML page...
ROS-20240724-01
A vulnerability in the DevTools component of the Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code through a specially crafted HTML page. A vulnerability in th...
Google Chrome < 126.0.6367.182 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 126.0.6367.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop advisory. - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182...
openSUSE 15 Security Update : chromium (openSUSE-SU-2024:0212-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0212-1 advisory. Chromium 126.0.6478.182 boo1227979: - CVE-2024-6772: Inappropriate implementation in V8 - CVE-2024-6773: Type Confusion in V8 - CVE-2024-6774: Us...
OPENSUSE-SU-2024:0212-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 126.0.6478.182 boo1227979: - CVE-2024-6772: Inappropriate implementation in V8 - CVE-2024-6773: Type Confusion in V8 - CVE-2024-6774: Use after free in Screen Capture - CVE-2024-6775: Use after free in Media Stream - CVE-2024-6776: Use...
OPENSUSE-SU-2024:0212-2 Security update for chromium
This update for chromium fixes the following issues: Chromium 126.0.6478.182 boo1227979: - CVE-2024-6772: Inappropriate implementation in V8 - CVE-2024-6773: Type Confusion in V8 - CVE-2024-6774: Use after free in Screen Capture - CVE-2024-6775: Use after free in Media Stream - CVE-2024-6776: Use...
Mageia: Security Advisory (MGASA-2024-0273)
The remote host is missing an update for the...
Fedora 40 : chromium (2024-2a56aeb66b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2a56aeb66b advisory. update to 126.0.6478.182 High CVE-2024-6772: Inappropriate implementation in V8 High CVE-2024-6773: Type Confusion in V8 High CVE-2024-6774: Use aft...
MGASA-2024-0273 Updated chromium-browser-stable packages fix security vulnerabilities
Inappropriate implementation in V8 (CVE-2024-6772). Type Confusion in V8 (CVE-2024-6773). Use after free in Screen Capture (CVE-2024-6774). Use after free in Media Stream (CVE-2024-6775). Use after free in Audio (CVE-2024-6776). Use after free in Navigation (CVE-2024-6777). Race in DevTools (CVE-2024-6778). Ou...
Fedora 39 : chromium (2024-d9916cb7e2)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d9916cb7e2 advisory. update to 126.0.6478.182 High CVE-2024-6772: Inappropriate implementation in V8 High CVE-2024-6773: Type Confusion in V8 High CVE-2024-6774: Use aft...