Server-Side Request Forgery (SSRF) Affecting @nuxt/icon package, versions <1.4.5


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.09% (38th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-NUXTICON-7641072
  • published 6 Aug 2024
  • disclosed 5 Aug 2024
  • credit OhB00

How to fix?

Upgrade @nuxt/icon to version 1.4.5 or higher.

Overview

@nuxt/icon is a nuxt-icon

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper user input sanitization in the new URL constructor used in the /api/_nuxt_icon endpoint. By modifying the scheme and host within the URL, an attacker can manipulate the request URL to redirect requests to an unintended server.

Workaround

This vulnerability can be mitigated by disabling the fallbackToApi option or ensuring the host has not been changed after the path is parsed.

PoC

/api/_nuxt_icon/http:example.com

CVSS Scores

version 4.0
version 3.1
Expand this section

Snyk

Recommended
8.7 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    None
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Confidentiality (VC)
    High
  • Integrity (VI)
    None
  • Availability (VA)
    None
  • Confidentiality (SC)
    None
  • Integrity (SI)
    None
  • Availability (SA)
    None