CVE-2019-13506

Name of the Vulnerable Software and Affected Versions @Nuxt/devalue versions prior to 1.2.3 Nuxt.js versions prior to 2.6.2

Description The issue is related to the mishandling of object keys, leading to Cross-Site Scripting (XSS). Insufficient input sanitization allows an attacker to inject arbitrary JavaScript code through object keys.

Recommendations For @Nuxt/devalue versions prior to 1.2.3, upgrade to version 1.2.3 or later. For Nuxt.js versions prior to 2.6.2, upgrade to version 2.6.2 or later.