CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
@nuxt/devtools is vulnerable to Path Traversal. The vulnerability is due to missing authentication on the getTextAssetContent RPC function and a lack of Origin checks on the WebSocket handler, allowing attackers to interact with a locally running devtools instance (for example via cross-site WebSocket hijacking from a page the user visits) and exfiltrate data.
github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14
github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L88C48-L88C48
github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L96C11-L96C28
github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/index.ts#L109
github.com/nuxt/devtools/commit/69316c477455332bd2b2037956fa6cfe02610d2f
github.com/nuxt/nuxt/security/advisories/GHSA-rcvg-rgf7-pppv
portswigger.net/web-security/websockets/cross-site-websocket-hijacking