Advisories for Npm/Nuxt package

2024

Nuxt vulnerable to remote code execution via the browser when running the test locally

Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands.

nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR

The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies.

2023

Improper Control of Generation of Code ('Code Injection')

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.