icon

We found results for “

CVE-2025-24360

Good to know:

icon

Date: January 24, 2025

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability.

Severity Score

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

icon

Upgrade Version

Upgrade to version @nuxt/vite-builder - 3.15.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us