Use of GET Request Method With Sensitive Query Strings Affecting @nuxt/ui package, versions <4.8.1


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JS-NUXTUI-17817935
  • published5 Jul 2026
  • disclosed2 Jul 2026
  • creditUnknown

Introduced: 2 Jul 2026

New CVE NOT AVAILABLE CWE-598  (opens in a new tab)

How to fix?

Upgrade @nuxt/ui to version 4.8.1 or higher.

Overview

@nuxt/ui is an A UI Library for Modern Web Apps, powered by Vue & Tailwind CSS.

Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the UForm and UAuthForm components when the server-side rendered form omits the method attribute. An attacker can obtain sensitive user credentials by submitting the form before client-side hydration occurs, causing the browser to send form data, including passwords, as URL query parameters.

CVSS Base Scores

version 4.0
version 3.1