1 results (0.004 seconds)
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42352 – Server-Side Request Forgery (SSRF) in nuxt-icon
https://notcve.org/view.php?id=CVE-2024-42352
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. • https://github.com/nuxt/icon/security/advisories/GHSA-cxgv-px37-4mp2 • CWE-918: Server-Side Request Forgery (SSRF) •