nuxt-og-image 6.2.4

Direct Vulnerabilities

Known vulnerabilities in the nuxt-og-image package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Allocation of Resources Without Limits or Throttling nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded `width` and `height` parameters in the image generation. An attacker can exhaust server memory and cause service disruption by sending requests with excessively large images. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `nuxt-og-image` to version 6.2.5 or higher.	<6.2.5
M Cross-site Scripting (XSS) nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HTML attributes during image generation. An attacker can execute arbitrary JavaScript code in the context of the user's browser by crafting a malicious URL containing specially crafted query parameters. How to fix Cross-site Scripting (XSS)? Upgrade `nuxt-og-image` to version 6.2.5 or higher.	<6.2.5
M Server-side Request Forgery (SSRF) nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via user-controlled parameters in the `/_og/d/` endpoint. An attacker can access internal network resources or sensitive data by injecting crafted URLs through parameters such as `style` or `html`. This may allow scanning of internal ports and services, or reading sensitive data from cloud infrastructure metadata services when verbose error output is enabled. How to fix Server-side Request Forgery (SSRF)? Upgrade `nuxt-og-image` to version 6.2.5 or higher.	<6.2.5

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

nuxt-og-image is an Enlightened OG Image generation for Nuxt.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded width and height parameters in the image generation. An attacker can exhaust server memory and cause service disruption by sending requests with excessively large images.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade nuxt-og-image to version 6.2.5 or higher.

<6.2.5

Cross-site Scripting (XSS)

nuxt-og-image is an Enlightened OG Image generation for Nuxt.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HTML attributes during image generation. An attacker can execute arbitrary JavaScript code in the context of the user's browser by crafting a malicious URL containing specially crafted query parameters.

How to fix Cross-site Scripting (XSS)?

Upgrade nuxt-og-image to version 6.2.5 or higher.

<6.2.5

Server-side Request Forgery (SSRF)

nuxt-og-image is an Enlightened OG Image generation for Nuxt.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via user-controlled parameters in the /_og/d/ endpoint. An attacker can access internal network resources or sensitive data by injecting crafted URLs through parameters such as style or html. This may allow scanning of internal ports and services, or reading sensitive data from cloud infrastructure metadata services when verbose error output is enabled.

How to fix Server-side Request Forgery (SSRF)?

Upgrade nuxt-og-image to version 6.2.5 or higher.

<6.2.5

nuxt-og-image@6.2.4

Enlightened OG Image generation for Nuxt.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically