SlowMist: Attacks exploiting the Nuxt.js remote code execution vulnerability have appeared, please upgrade promptly
ChainCatcher news: according to a tweet from SlowMist, a PoC for the Nuxt.js remote code execution vulnerability (CVE-2023-3224) has been made public on the internet, and there have been cases of attacks. Nuxt.js is a lightweight application framework based on Vue.js. It is used to create server-side rendered (SSR) applications and can also serve as a static site engine to generate static sites, featuring elegantly layered code structure and hot reloading.
Nuxt contains a code injection vulnerability that allows a remote, unauthenticated attacker to inject malicious code and obtain privileges on the target server when the server is started in development mode. Nuxt 3.4.0, 3.4.1, and 3.4.2 are all affected. Many platforms in the cryptocurrency industry use this framework to build front-end and back-end services, so please be aware of the risk and upgrade Nuxt to version 3.4.3 or above.
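One way to check a project against the versions listed above, as an added example that is not part of the original report: it reads a parsed `package-lock.json` for resolved copies of `nuxt` and lists the npm scripts that start the development server. The function names and sample manifests are constructed for illustration.

```javascript
// Added example. Affected versions and the fixed version come from the advisory text.
const AFFECTED = new Set(["3.4.0", "3.4.1", "3.4.2"]);

// Every resolved copy of nuxt in a parsed package-lock.json.
// lockfileVersion 2/3 use a flat "packages" map; version 1 nests "dependencies".
function resolvedNuxt(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/nuxt$/.test(path)) found.push({ where: path, version: meta.version });
    }
    return found;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail ? trail + " > " + name : name;
      if (name === "nuxt") found.push({ where, version: meta.version });
      walk(meta.dependencies, where); // transitive copies count too
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// npm scripts that start the development server, the mode in which the flaw is reachable.
function devScripts(pkg) {
  return Object.entries(pkg.scripts || {})
    .filter(([, cmd]) => /\b(nuxt|nuxi)\s+dev\b/.test(cmd))
    .map(([name]) => name);
}

function audit(pkg, lock) {
  const affected = resolvedNuxt(lock).filter((n) => AFFECTED.has(n.version));
  return { affected, devScripts: devScripts(pkg), upgrade: affected.length > 0 };
}

// Constructed sample manifests (not taken from any real project).
const samplePkg = { scripts: { dev: "nuxt dev", build: "nuxt build", start: "npx nuxi dev --host" } };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/nuxt": { version: "3.4.1" },
  "node_modules/nuxt-icon": { version: "0.4.0" } } };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "demo-layer": { version: "1.0.0", dependencies: { nuxt: { version: "3.4.3" } } } } };

console.log(JSON.stringify(audit(samplePkg, sampleLockV3), null, 2));
console.log(JSON.stringify(audit(samplePkg, sampleLockV1), null, 2));
```

A non-empty `affected` list means the lockfile pins a vulnerable release; any entry in `devScripts` that is used to run a reachable server (such as the constructed `start` script here) should be replaced with a production build.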