@nuxt/icon@1.1.1 vulnerabilities

latest version

1.7.0
latest non vulnerable version

1.7.0
first published

5 months ago
latest version published

a day ago
licenses detected
- MIT
  >=0
View @nuxt/icon package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @nuxt/icon package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Server-Side Request Forgery (SSRF) @nuxt/icon is a Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper user input sanitization in the `new URL` constructor used in the `/api/_nuxt_icon` endpoint. By modifying the scheme and host within the URL, an attacker can manipulate the request URL to redirect requests to an unintended server. How to fix Server-Side Request Forgery (SSRF)? Upgrade `@nuxt/icon` to version 1.4.5 or higher.	<1.4.5

Server-Side Request Forgery (SSRF)

@nuxt/icon is a

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper user input sanitization in the new URL constructor used in the /api/_nuxt_icon endpoint. By modifying the scheme and host within the URL, an attacker can manipulate the request URL to redirect requests to an unintended server.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade @nuxt/icon to version 1.4.5 or higher.

<1.4.5

Go back to all versions of this package

@nuxt/icon@1.1.1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities