2 matches found
GHSA-V784-FJJH-F8R4 Nuxt vulnerable to remote code execution via the browser when running the test locally
Summary Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Details While running the test, a special component named NuxtTestComponentWrapper is...
Code Injection
nuxt is vulnerable to Code Injection. The vulnerability exists due to a lack of user input path validation in test-component-wrapper.ts which allows an attacker to inject and execute malicious code. Note that this vulnerability is only applicable if the server is ran on dev mode...