nuxt@1.0.0-gh-0d2e2a4

Nuxt is a free and open-source framework with an intuitive and extendable way to create type-safe, performant and production-grade full-stack web applications and websites with Vue.js.

  • latest version

    4.4.8

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the nuxt package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the navigateTo open option. An attacker can execute arbitrary scripts in the application's origin by supplying a crafted open parameter containing a script-capable URL.

    How to fix Cross-site Scripting (XSS)?

    Upgrade nuxt to version 3.21.7, 4.4.7 or higher.

    <3.21.7>=4.0.0-alpha.1 <4.4.7
    • C
    Open Redirect

    Affected versions of this package are vulnerable to Open Redirect via the reloadNuxtApp() function. An attacker can redirect users to attacker-controlled hosts by injecting protocol-relative paths such as //evil.com, potentially enabling phishing attacks or theft of OAuth authorization codes.

    How to fix Open Redirect?

    Upgrade nuxt to version 3.21.7, 4.4.7 or higher.

    <3.21.7>=4.0.0-alpha.1 <4.4.7
    • L
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is rendered unescaped in the server-generated HTML, potentially leading to execution of arbitrary code in the user's browser.

    How to fix Cross-site Scripting (XSS)?

    Upgrade nuxt to version 3.21.7, 4.4.7 or higher.

    <3.21.7>=4.0.0-alpha.1 <4.4.7
    • C
    Open Redirect

    Affected versions of this package are vulnerable to Open Redirect via improper handling of URLs in the navigateTo function. An attacker can execute arbitrary scripts or redirect users to malicious sites by supplying crafted URLs that exploit path normalization and protocol-relative bypasses.

    How to fix Open Redirect?

    Upgrade nuxt to version 3.21.7, 4.4.7 or higher.

    <3.21.7>=4.0.0-alpha.1 <4.4.7
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the NuxtLink href when attacker-controlled input is bound to the to or href properties. An attacker can execute arbitrary scripts in the context of the application by supplying a crafted javascript: or data: URL, which is reflected into the rendered markup and executed when a user clicks the link. This also exposes a phishing surface by allowing data URLs to be reflected through the same sink, enabling deceptive links anchored to legitimate application content.

    How to fix Cross-site Scripting (XSS)?

    Upgrade nuxt to version 3.21.7, 4.4.7 or higher.

    <3.21.7>=4.0.0-0 <4.4.7
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling of URL inputs in the navigateTo function. An attacker can execute arbitrary script code by inserting specially crafted payloads into the URL that bypass the protocol checks.

    Note

    This is only exploitable if server-side rendering (SSR) has occurred; the javascript: protocol within a location header does not trigger XSS.

    How to fix Cross-site Scripting (XSS)?

    Upgrade nuxt to version 3.12.4 or higher.

    <3.12.4