Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 12:50 p.m.17 views

CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS5.1AI score0.00091EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 12:50 p.m.28 views

CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS0.00091EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 12:50 p.m.34 views

CVE-2026-46342

Nuxt (Vue.js framework) versions 3.1.0–3.21.5 and 4.0.0-alpha.1–4.4.5 are affected by CVE-2026-46342 due to the /__nuxt_island/* endpoint not binding responses to the request props, allowing attacker-controlled props to influence island component rendering via an unverified URL-resident hash. Thi...

5.4CVSS5.1AI score0.00091EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45028

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References8
OSV
OSV
added 2026/05/19 8:3 p.m.7 views

GHSA-G8WJ-3CR3-6W7V Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...

2.3CVSS6AI score0.00091EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/19 8:3 p.m.11 views

NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

NPM: Nuxt: nuxtisland endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...

5.8AI score0.00091EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/19 8:3 p.m.11 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...

5.8CVSS6AI score0.00091EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 8:3 p.m.14 views

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...

5.4CVSS6AI score0.00091EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.25 views

PT-2026-42038

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.1.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description The '/ nuxt island/' endpoint accepts...

5.4CVSS5.2AI score0.00091EPSS
Exploits0References8
Veracode
Veracode
added 2025/10/29 10:13 a.m.5 views

Client-Side Path Traversal

Nuxt is vulnerable to Client-Side Path Traversal. The vulnerability is due to improper validation of user-controlled data within the Island payload revival mechanism, which allows an attacker to craft malicious nuxtisland objects that manipulate client-side requests to arbitrary endpoints within...

3.1CVSS7.1AI score0.00347EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/09/17 8:42 p.m.3 views

GHSA-P6JQ-8VC4-79F6 Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival

Summary A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. Technical Details The vulnerability occurs in...

3.1CVSS6.5AI score0.00347EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/09/17 8:42 p.m.6 views

Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival

Summary A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. Technical Details The vulnerability occurs in...

3.1CVSS6.5AI score0.00347EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/09/17 7:15 p.m.8 views

CVE-2025-59414

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

3.1CVSS0.00347EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/17 6:39 p.m.1 views

CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

3.1CVSS6.2AI score0.00347EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.5 views

PT-2025-38250

Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.19.0 Nuxt versions prior to 4.1.0 Description: A client-side path traversal vulnerability exists in Nuxt's Island payload revival mechanism. This allows attackers to manipulate client-side requests to different...

3.1CVSS6.2AI score0.00347EPSS
Exploits1References7
Rows per page
Query Builder