ByteOS Network

NVD Vulnerability Details :

CVE-2025-24360

Received

Source-security-advisories@github.com

Published At-25 Jan, 2025 | 01:15

Updated At-25 Jan, 2025 | 01:15

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	security-advisories@github.com

CWE ID: CWE-200

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263	security-advisories@github.com	N/A
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39	security-advisories@github.com	N/A
https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f	security-advisories@github.com	N/A
https://github.com/nuxt/nuxt/pull/23995	security-advisories@github.com	N/A
https://github.com/nuxt/nuxt/security/advisories/GHSA-2452-6xj8-jh47	security-advisories@github.com	N/A
https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6	security-advisories@github.com	N/A