CVE-2023-3224
published 2023-06-13CVE-2023-3224: Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
58.65%
99.0th percentile
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nuxt | nuxt | >= 3.4.0 < 3.4.3 | 3.4.3 |
| nuxt | nuxt | >= 3.4.0 < 3.4.3 | 3.4.3 |
| nuxt | nuxt_nuxt | >= unspecified < 3.5.3 | 3.5.3 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
nuxt Code Injection vulnerability
ghsa·2023-06-13
CVE-2023-3224 [CRITICAL] CWE-94 nuxt Code Injection vulnerability
nuxt Code Injection vulnerability
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
OSV
nuxt Code Injection vulnerability
osv·2023-06-13
CVE-2023-3224 [CRITICAL] nuxt Code Injection vulnerability
nuxt Code Injection vulnerability
he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-13
Published