23 matches found
@aneoconsultingfr/armonik-docs-theme (>=0.6.4 <=0.6.13), @cssninja/nuxt-media-viewer (>=0.0.4 <=0.0.15) +14 more potentially affected by CVE-2024-23657 via @nuxt/devtools (>=0.1.6 <=1.3.7)
@nuxt/devtools NPM version =0.1.6, =0.6.4, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =2.0.2, =0.2.5, =1.0.0, =0.0.1, =0.0.0-rc.29, =0.0.1, =2.0.0, =2.1.1 and more Source cves: CVE-2024-23657 Source advisory: OSV:GHSA-RCVG-RGF7-PPPV...
GHSA-RCVG-RGF7-PPPV Nuxt Devtools has a Path Traversal: '../filedir'
Summary Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this...
PT-2024-20006 · Unknown · Nuxt Devtools
Name of the Vulnerable Software and Affected Versions: Nuxt Devtools versions prior to 1.3.9 Description: The issue arises from missing authentication on the getTextAssetContent RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an...