CVE-2019-13506
CVE-2019-13506 affects @nuxt/devalue before 1.2.3 (used in Nuxt.js before 2.6.2). The root cause is mishandling of object keys, leading to Cross-Site Scripting (XSS). Impact: potential XSS via object keys in affected builds; CVSS ~6.1 (NVD v3). Mitigation: upgrade to @nuxt/devalue 1.2.3 or later ...