PT-2023-18155 · Nuxtlabs · Nuxtlabs/Github-Module

Published: 2023-04-18 · Updated: 2023-04-27 · CVE-2023-2138

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

nuxtlabs/github-module versions prior to 1.6.2

Description

The issue involves the use of hard-coded credentials in the GitHub repository nuxtlabs/github-module. A hardcoded GitHub token was found in the source code, which had access to multiple repositories under the nuxt, nuxtlabs, and nuxt-themes GitHub organizations.

Recommendations

For versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the repositories that were accessible by the hardcoded token until the update is applied.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2023-2138
GHSA-FP2W-G92G-FGQ4

Affected Products

Nuxtlabs/Github-Module