PT-2024-29889 · Nuxt · Nuxt
Ohb00 · Published 2024-08-05 · Updated 2024-09-19 · CVE-2024-42352
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nuxt versions prior to 1.4.5
Description
The nuxt/icon API endpoint, located at /api/_nuxt_icon/[name], improperly parses the proxied request path, allowing an attacker to change the scheme and host of the request. This leads to Server-Side Request Forgery (SSRF) and could potentially lead to sensitive data exposure. JavaScript's new URL() constructor is used to parse the final path, and it can be manipulated by passing a relative scheme or path, which allows the host of the request to be changed. For example, a path prefixed with http: changes the scheme to HTTP, and a new host passed after it, as in http:127.0.0.1:8080, allows requests to be sent to a local server.
Recommendations
For versions prior to 1.4.5, upgrade to release version 1.4.5 to address this issue. As a temporary workaround, consider disabling the fallbackToApi option to mitigate the risk of exploitation. Alternatively, prefixing the path with ./ can also prevent the host from being changed after the path is parsed. Ensure the host has not been changed after the path is parsed to prevent SSRF.
Exploit
Fix
SSRF
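The parsing behaviour from the description and the two code-level mitigations from the recommendations (the ./ prefix and the host check after parsing), as an added JavaScript example that is not nuxt/icon's own code. The upstream host icons.example, the sample inputs and all function names are assumptions made for illustration.

```javascript
// Added illustration; function names and the upstream host are hypothetical.
const UPSTREAM = new URL("https://icons.example/"); // constructed placeholder

// Pattern from the description: the request path is resolved as-is.
function resolveUnchecked(name, base = UPSTREAM) {
  return new URL(name, base);
}

// True when scheme, host and port still match the configured upstream.
function sameOrigin(url, base = UPSTREAM) {
  return url.origin === base.origin;
}

// Both recommendations together: "./" forces relative-path parsing,
// and the origin is verified after parsing before anything is fetched.
function resolveChecked(name, base = UPSTREAM) {
  const url = new URL("./" + name, base);
  if (!sameOrigin(url, base)) {
    throw new Error(`refusing to proxy to ${url.origin}`);
  }
  return url;
}

// Constructed inputs: an ordinary lookup and the string quoted in the description.
const SAMPLES = ["mdi.json?icons=home", "http:127.0.0.1:8080"];

function compare(samples = SAMPLES) {
  return samples.map((name) => {
    const unchecked = resolveUnchecked(name);
    return {
      name,
      unchecked: unchecked.href,
      uncheckedSameOrigin: sameOrigin(unchecked),
      checked: resolveChecked(name).href,
    };
  });
}

for (const row of compare()) console.log(row);
```

With the ./ prefix the second input stays on the upstream host as a path segment, so the origin check acts as a second line of defence if the prefix is ever dropped.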
Affected Products
Nuxt