CVE-2023-3224: nuxt Code Injection vulnerability
The Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
References
- github.com/advisories/GHSA-gc34-5v43-h7v8
- github.com/nuxt/nuxt
- github.com/nuxt/nuxt/commit/65a8f4eb3ef1b249a95fd59e323835a96428baff
- github.com/nuxt/nuxt/commit/72ba53efbc2384f802d654fffd92eaf36a81b507
- github.com/nuxt/nuxt/commits/v3.4.3
- github.com/nuxt/nuxt/issues/21694
- huntr.dev/bounties/1eb74fd8-0258-4c1f-a904-83b52e373a87
- nvd.nist.gov/vuln/detail/CVE-2023-3224