CVE-2024-42352

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42352

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42352.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-42352

Aliases

GHSA-cxgv-px37-4mp2

Published

2024-08-05T21:15:38Z

Modified

2024-10-08T04:21:00.331648Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/_nuxt_icon/[name]. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The new URL constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string http:. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example http:127.0.0.1:8080. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/nuxt/icon/security/advisories/GHSA-cxgv-px37-4mp2

Affected packages

Git / github.com/nuxt/nuxt

Affected ranges

Type: GIT
Repo: https://github.com/nuxt/nuxt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c8962964b8ced4c703804ed9cc5e54c6d486a321

Affected versions

1.*

1.0.0-rc3

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.8

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.0.0-alpha.3

v1.0.0-alpha.4

v1.0.0-alpha1

v1.0.0-alpha2

v1.0.0-rc10

v1.0.0-rc11

v1.0.0-rc3

v1.0.0-rc4

v1.0.0-rc5

v1.0.0-rc6

v1.0.0-rc7

v1.0.0-rc8

v1.0.0-rc9

v1.0.1

v1.1

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4