CVE-2023-3224

Name of the Vulnerable Software and Affected Versions nuxt versions prior to 3.5.3 nuxt versions 3.4.0 through 3.4.3

Description The issue concerns code injection in the Nuxt dev server. When the dev server is exposed publicly, it is vulnerable to code injection. This affects versions of nuxt prior to 3.5.3, specifically including versions 3.4.0 through 3.4.3.

Recommendations For versions 3.4.0 through 3.4.3, update to version 3.5.3 or later to resolve the issue. For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. As a temporary workaround, consider restricting public exposure of the Nuxt dev server until a patch is applied.