Vulnerability	Vulnerable Version
M Exposed Dangerous Method or Function @nuxt/webpack-builder is a Webpack bundler for Nuxt Affected versions of this package are vulnerable to Exposed Dangerous Method or Function when using webpack or rspack builder and navigating to a malicious website. An attacker can inject a script tag to request a classic script, which is not restricted by the same-origin policy. This allows the script to execute and access the `window.webpackChunknuxt_app` object. By utilizing `Function::toString` on the values within this object, the attacker can extract and display the source code. How to fix Exposed Dangerous Method or Function? Upgrade `@nuxt/webpack-builder` to version 3.15.3, 3.15.3 or higher.	>=3.0.0 <3.15.3>=3.12.2 <3.15.3

Exposed Dangerous Method or Function

@nuxt/webpack-builder is a Webpack bundler for Nuxt

Affected versions of this package are vulnerable to Exposed Dangerous Method or Function when using webpack or rspack builder and navigating to a malicious website. An attacker can inject a script tag to request a classic script, which is not restricted by the same-origin policy. This allows the script to execute and access the window.webpackChunknuxt_app object. By utilizing Function::toString on the values within this object, the attacker can extract and display the source code.

How to fix Exposed Dangerous Method or Function?

Upgrade @nuxt/webpack-builder to version 3.15.3, 3.15.3 or higher.

>=3.0.0 <3.15.3>=3.12.2 <3.15.3

Go back to all versions of this package