PT-2024-25801 · Nuxt · Nuxt
Ry0Tak · Published 2024-08-05 · Updated 2026-03-12
CVE-2024-34344
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Nuxt (affected versions not specified)
Description
The issue arises from insufficient validation of the path parameter in the NuxtTestComponentWrapper, allowing an attacker to execute arbitrary JavaScript on the server side. This enables the execution of arbitrary commands. Users are affected when they open a malicious web page in the browser while running the test locally, resulting in remote code execution from the malicious web page. A malicious web page can repeatedly attempt to exploit this vulnerability, triggering the exploit when the test server starts.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Code Injection
Related Identifiers
Affected Products
Nuxt