Description

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts.

INFO

Published Date :

2024-08-05T20:36:20.878Z

Last Modified :

2024-08-12T19:50:45.928Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34344 vulnerability.

Vendors Products
Nuxt
  • Nuxt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34344.

URL Resource
https://github.com/nuxt/nuxt/security/advisories/GHSA-v784-fjjh-f8r4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact