Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings.
Advisories for Npm/@Nuxt/Vite-Builder package
2025