CVE-2024-23657: Nuxt Devtools has a Path Traversal: '../filedir'
Nuxt Devtools is missing authentication on the getTextAssetContent RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data by abusing this vulnerability.
In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE.
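The three checks whose absence the advisory describes (Origin validation on the WebSocket handshake, authentication of the RPC call, and containment of the requested path) can be written as follows. This is an added example, not Nuxt Devtools code or its actual fix; the function names, allowed origins and directory layout are assumptions.

```javascript
// Added example: names, origins and paths are assumptions, not Nuxt Devtools APIs.
const path = require('node:path');
const crypto = require('node:crypto');

// Origins allowed to open the dev WebSocket (assumed local dev server URLs).
const ALLOWED_ORIGINS = new Set(['http://localhost:3000', 'http://127.0.0.1:3000']);

// Browsers attach Origin to every WebSocket handshake, so rejecting unknown or
// missing values stops a page on another site from driving the local instance.
function isAllowedOrigin(originHeader) {
  if (typeof originHeader !== 'string') return false;
  try {
    return ALLOWED_ORIGINS.has(new URL(originHeader).origin);
  } catch {
    return false; // not a parseable URL, e.g. the literal "null"
  }
}

// Constant-time token comparison; length is checked first because
// timingSafeEqual throws on buffers of different sizes.
function tokenMatches(given, expected) {
  if (typeof given !== 'string') return false;
  const a = Buffer.from(given);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Resolve the requested path and accept it only if it stays below baseDir.
// The trailing separator keeps "/srv/app/public-old" from matching
// "/srv/app/public". Symlinks are not followed here; resolve them with
// fs.realpathSync before this comparison if the directory may contain any.
function resolveInside(baseDir, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  const base = path.resolve(baseDir);
  const target = path.resolve(base, requested);
  return target.startsWith(base + path.sep) ? target : null;
}

// Gate for a file-reading RPC: origin, then token, then path containment.
function authorizeAssetRead(req, expectedToken, baseDir) {
  if (!isAllowedOrigin(req.origin)) return { ok: false, reason: 'origin' };
  if (!tokenMatches(req.token, expectedToken)) return { ok: false, reason: 'auth' };
  const file = resolveInside(baseDir, req.path);
  return file ? { ok: true, file } : { ok: false, reason: 'path' };
}
```

In a real server the Origin check belongs in the WebSocket upgrade handler, before any RPC message is processed; it is folded into one gate here so the order of the checks is visible.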
References
- github.com/advisories/GHSA-rcvg-rgf7-pppv
- github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts
- github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/index.ts
- github.com/nuxt/nuxt
- github.com/nuxt/nuxt/security/advisories/GHSA-rcvg-rgf7-pppv
- nvd.nist.gov/vuln/detail/CVE-2024-23657