CVE-2024-34343: nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
The navigateTo function attempts to block the javascript: protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies.
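The general failure mode behind this class of bug is a string-level protocol check disagreeing with how the browser's URL parser normalizes the same input. The added example below is not Nuxt's or ufo's code and does not reproduce the specific discrepancy in ufo, which this page does not describe. It contrasts a deny-list on the raw string with an allow-list applied after WHATWG URL parsing. The function names, the base URL and the sample inputs are constructed for illustration.

```javascript
// Added example: constructed for illustration, not code from Nuxt or unjs/ufo.
// Schemes a client-side navigation helper is willing to follow (assumption).
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Fragile pattern: deny-list match on the raw, unparsed string.
// It only sees the literal characters, not what a URL parser will produce.
function naiveLooksSafe(target) {
  return !target.toLowerCase().startsWith('javascript:');
}

// Hardened pattern: parse with the WHATWG URL parser (the algorithm browsers
// use), then allow-list the resulting scheme. The parser strips leading and
// trailing whitespace, removes tabs and newlines, and lowercases the scheme,
// so the check runs on the normalized value.
// Note: this validates the scheme only; restricting hosts is a separate check.
function isSafeNavigationTarget(target, base = 'https://app.example/') {
  if (typeof target !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(target, base); // relative paths resolve against base
  } catch {
    return false; // unparseable input is rejected, never passed through
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Constructed sample inputs covering relative, absolute and non-http schemes.
const SAMPLES = [
  '/dashboard',
  'https://example.com/docs',
  'javascript:void(0)',
  'JavaScript:void(0)',
  '  javascript:void(0)',
  'java\tscript:void(0)',
  'data:text/html,hello',
];

// Returns one row per input so the two verdicts can be compared side by side.
function compare(samples = SAMPLES) {
  return samples.map((input) => ({
    input,
    naive: naiveLooksSafe(input),
    hardened: isSafeNavigationTarget(input),
  }));
}

console.table(compare());
```

Rows where the naive column is true and the hardened column is false are inputs a deny-list on the raw string would let through.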