Lucene search

K

4 matches found

CVE
CVE
added 2024/08/05 9:15 p.m.94 views

CVE-2024-23657

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker...

8.8CVSS8.8AI score0.00542EPSS
CVE
CVE
added 2024/08/05 9:15 p.m.78 views

CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/_nuxt_icon/[name]. The proxied request path is improperly parsed, allowing an attacker to change the scheme a...

8.6CVSS8.5AI score0.00049EPSS
CVE
CVE
added 2024/08/05 9:15 p.m.62 views

CVE-2024-34343

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. The function first tes...

6.3CVSS6.4AI score0.00099EPSS
CVE
CVE
added 2024/08/05 9:15 p.m.42 views

CVE-2024-34344

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary ...

8.8CVSS9AI score0.00263EPSS