5 matches found
CVE-2025-24360
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2025-24360
CVE-2025-24360 affects the Nuxt framework (Vue.js) prior to v3.15.3, with v3.8.1–v3.15.3 vulnerable due to default CORS settings that allow any origin to send requests to the development server and read responses. Several sources corroborate that, when using the Vite builder with the default serv...
CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2025-24360
creationtimestamp| type| source ---|---|--- 2025-01-24 23:51:14+00:00| published-proof-of-concept| https://github.com/nuxt/nuxt/security/advisories/GHSA-2452-6xj8-jh47 2025-01-25 00:57:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113886275645982803 2025-01-25 01:05:10+00:00| seen|...