103 matches found
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Summary Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. By using...
GHSA-4GF7-FF8X-HQ99 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Summary Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. By using...
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Summary Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Details While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, nuxt uses its own CORS handler by...
Nuxt security vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.0.0 through versions prior to 3.15.3, which stems from a potential source code theft during development if a victim opens a malicious website...
PT-2025-5342 · Vite +1
Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.8.1 through 3.15.2 Description: The issue arises due to default CORS settings in Nuxt, allowing any website to send requests to the development server and read the response. This can lead to source code theft by malicious...
Malicious npm Packages Aim to Target Developers for Source Code Theft
An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories. "The threat actor behind this campaign has been linked to malicious...
Malicious code in casino.web (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx feffdfd456f40706d2380c15768e0a8e7449f6c5a2c60d257ef67d5f84d5b6ac Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-7930 Malicious code in bspin.mobilecasino (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 65f32001f04a5f4b6e32fe438de1f89d70b3873bd38c8eac28761d78900b0ce0 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-8036 Malicious code in sso-map (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx ec3637a741345c5082ec0b969e5d295b30baf6cc1647f0f684951624ee0ba64b Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in vision-chart (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 22b046ac73ecbc50209ffe4bb757a9736adafeb2a51ad9123c0d8a3902374246 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in hh-dep-monitoring (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx ac7b27f86bac41db082963b72360f1c159fa5ecbaf4a72d766ae92548df697f3 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-8032 Malicious code in olymptrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 980d1b05adbe09f084ff3a74bbcdf8e7b12c80d99842d8caf74bb22009af6e38 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-7939 Malicious code in orbitplate (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx df1bde52050b0c84fcf4221afb1f77445edcbfc7e307f2eaf54fb104ce916f06 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-7931 Malicious code in career-service-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d053ab0c6c3eb4184d3e98ecd922d23cc351f70a7df8a410d1271644721481ac Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-8031 Malicious code in ng-zulutrade-ssr (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7f6b1d4585de70357f4ac94823e53c6846ebaeaf161d5088e75c3fde5f7ac05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in developer_backup_test525 (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 801d93e817d2a88be92c4ce8b23fb15ec2a02dba59eea3666d03eee45d2dd072 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in developer_backup_test527 (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 873572cb006dd8216d097e1014bc26f4f54e2e57b00c4ed5db617993287c9735 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in developer_backup_test532 (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f05f5aa40e4c7abb13accb6085899f4b3fdf227cad5d43b4066b5a7d73717243 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in zip_achive_bp (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx a268db221b575c75e97a65f2a00d56b0a4ac4d14910e381fa972bf522479022f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in developer_backup_test521 (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 166bebecf34acabc1fdf3c66906bda21b7b7e7043f76cf728dd8637270162021 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...