@nuxt/icon@1.0.0-rc.1 vulnerabilities

  • latest version

    1.10.3

  • latest non vulnerable version

  • first published

    7 months ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @nuxt/icon package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • H
    Server-Side Request Forgery (SSRF)

    @nuxt/icon is a nuxt-icon

    Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper user input sanitization in the new URL constructor used in the /api/_nuxt_icon endpoint. By modifying the scheme and host within the URL, an attacker can manipulate the request URL to redirect requests to an unintended server.

    How to fix Server-Side Request Forgery (SSRF)?

    Upgrade @nuxt/icon to version 1.4.5 or higher.

    Vulnerable versions: <1.4.5
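
An added example (not code from @nuxt/icon or from this advisory) of the general pattern the description names: a request-supplied string passed to `new URL(input, base)` can replace the base's scheme and host, so the resolved origin has to be checked before the server fetches it. `ICON_API_BASE`, the function names and all sample inputs are assumptions constructed for illustration.

```javascript
// Assumed upstream base URL; a placeholder, not taken from the package source.
const ICON_API_BASE = 'https://icons.example.invalid/';

// Naive pattern: resolve the request-supplied path against the base and trust the result.
// WHATWG URL resolution lets an absolute or scheme-relative input override the base.
function resolveNaive(userPath) {
  return new URL(userPath, ICON_API_BASE);
}

// Hardened pattern: resolve, then require the result to stay on the base's origin.
// Returns a URL object, or null when the input must be rejected.
function resolveChecked(userPath) {
  const base = new URL(ICON_API_BASE);
  // Backslashes are treated as slashes for http(s); control chars and spaces
  // are stripped by the parser. Reject them up front instead of relying on that.
  if (typeof userPath !== 'string' || /[\\\x00-\x20]/.test(userPath)) return null;
  let resolved;
  try {
    resolved = new URL(userPath, base);
  } catch {
    return null; // unparseable input
  }
  if (resolved.origin !== base.origin) return null;      // scheme, host or port changed
  if (resolved.username || resolved.password) return null; // credentials smuggled in
  if (!resolved.pathname.startsWith(base.pathname)) return null;
  return resolved;
}

// Constructed sample inputs: one expected relative path, three that change the target.
const SAMPLE_INPUTS = [
  'mdi.json?icons=home',
  '//internal.example.invalid/mdi.json',
  'http://internal.example.invalid/x',
  '\\\\internal.example.invalid/x',
];

// Side-by-side view of what each resolver would hand to the outbound fetch.
function compare(inputs) {
  return inputs.map((input) => {
    const checked = resolveChecked(input);
    return {
      input,
      naiveTarget: resolveNaive(input).origin,
      checkedTarget: checked ? checked.origin : null,
    };
  });
}

console.table(compare(SAMPLE_INPUTS));
```

The origin check is a general mitigation pattern; the fix for this package remains the upgrade to 1.4.5 or higher stated above.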