77 matches found
Nuxt allows DOS via cache poisoning with payload rendering response
Summary By sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/payload.json which will be rendered as JSON. If the CDN ...
CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as...
CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as...
CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as...
PT-2025-11961
Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 3.16.0 Description Nuxt is an open-source web development framework for Vue.js. By sending a crafted HTTP request to a server behind a CDN, it is possible to poison the CDN cache, severely impacting the availability of a...
CVE-2024-23657
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...
CVE-2024-42352
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/nuxticon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...
CVE-2025-24360
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...
CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...
CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
Nuxt 安全漏洞
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.0.0 through versions prior to 3.15.3, which stems from a potential source code theft during development if a victim opens a malicious website...
Nuxt 信息泄露漏洞
Nuxt is a free open source framework from Nuxt Open Source. An information disclosure vulnerability exists in Nuxt versions 3.8.1 through prior to 3.15.3 that stems from a default CORS setting that allows any website to send any request to the development server and read the response...
CVE-2024-34344 Remote code execution via the browser when running the test locally in nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...
CVE-2024-34343 Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. The function first...
PT-2024-25800 · Unjs/Ufo +1 · Unjs/Ufo +1
Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.12.4 Description: The navigateTo function does not correctly use APIs provided by unjs/ufo, leading to parsing discrepancies. The function first checks if a URL has a protocol using the unjs/ufo package, which works...
Nuxt 安全漏洞
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...
CVE-2023-0878
Cross-site Scripting XSS - Generic in GitHub repository nuxt/framework prior to 3.2.1...
CVE-2023-0878 Cross-site Scripting (XSS) - Generic in nuxt/framework
Cross-site Scripting XSS - Generic in GitHub repository nuxt/framework prior to 3.2.1...