Nuxt Development Server CORS Vulnerability Allowing Code Access

Vulnerability

A CORS vulnerability has been identified in Nuxt versions from 3.8.1 up to, but not including, 3.15.3. It allows any website to send requests to the Nuxt development server and read the responses. The issue arises from default CORS settings that permit all origins to access the server. As a result, malicious websites could potentially steal source code from applications running on an affected Nuxt version.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the source code of Nuxt applications, allowing malicious websites to steal sensitive information or intellectual property.

Reproduction

To reproduce this vulnerability, start a Nuxt development server using a version from 3.8.1 up to, but not including, 3.15.3. Then, from a malicious website, send a fetch request to the Nuxt server. The response will include the requested resource, and the browser lets the page read it because the server's default CORS settings permit all origins.

Remediation

Users can upgrade to Nuxt version 3.15.3 or later, where this vulnerability has been fixed. Instructions for updating Nuxt can be found in the Nuxt documentation.
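
One way to check a project against the affected range and the CORS behaviour described above. This is an added example, not code from Nuxt or from this advisory; the helper names, the probe origin and the sample headers are constructed for illustration.

```javascript
// Added example; helper names and sample values are constructed for illustration.
const AFFECTED_FROM = [3, 8, 1]; // first affected version, per the advisory
const FIXED_IN = [3, 15, 3];     // first fixed version, per the advisory

// Parse "3.12.4" or "v3.12.4" into [major, minor, patch]; any suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so that 3.10.0 sorts after 3.8.1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedNuxtVersion(v) {
  const p = parseVersion(v);
  return compareVersions(p, AFFECTED_FROM) >= 0 && compareVersions(p, FIXED_IN) < 0;
}

// headers: response headers captured from the dev server for a request sent
// with "Origin: <probeOrigin>". Returns whether a page on that origin could
// read the response body in a browser.
function corsAllowsRead(headers, probeOrigin) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = String(v).trim();
  const acao = lower['access-control-allow-origin'];
  if (acao === undefined) return { readable: false, reason: 'no Access-Control-Allow-Origin header' };
  if (acao === '*') return { readable: true, reason: 'wildcard: every origin may read' };
  if (acao === probeOrigin) return { readable: true, reason: 'probe origin is allowed' };
  return { readable: false, reason: `only ${acao} may read` };
}

function assess(nuxtVersion, headers, probeOrigin) {
  const versionAffected = isAffectedNuxtVersion(nuxtVersion);
  const cors = corsAllowsRead(headers, probeOrigin);
  const action = versionAffected ? 'upgrade to Nuxt 3.15.3 or later'
    : cors.readable ? 'review the dev server CORS configuration' : 'none';
  return { versionAffected, corsReadable: cors.readable, reason: cors.reason, action };
}

// Constructed sample: headers as an affected dev server might return them.
const SAMPLE_HEADERS = { 'Access-Control-Allow-Origin': '*', 'Content-Type': 'text/javascript' };
console.log(assess('3.12.0', SAMPLE_HEADERS, 'https://untrusted.example'));
```

The headers can be captured with any HTTP client that lets you set the Origin request header against your own development server.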

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 7.4
remediation: 8.3
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.