7 matches found
Exposed Dangerous Method or Function
Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...
CVE-2026-54753
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...
CVE-2026-54753
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...
CVE-2026-54753
Summary (CVE-2026-54753) Nx's nx graph local HTTP server (in versions 17.0.4 through 22.7.2 and 23.0.0-beta.2) exposed an overly permissive CORS policy by returning Access-Control-Allow-Origin: * on every response. This enabled cross-origin access to sensitive server data, including the full proj...
EUVD-2026-39831
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...
CVE-2026-54753 Nx: `nx graph` dev server permissive CORS policy
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...
CVE-2026-54753 Nx: `nx graph` dev server permissive CORS policy
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...