exploitDog

CVE-2019-13506

Опубликовано: 11 июл. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS.

Ссылки

https://github.com/nuxt/devalue/pull/8
Patch
Third Party Advisory
https://github.com/nuxt/devalue/releases/tag/v1.2.3
Release Notes
Third Party Advisory
https://github.com/nuxt/nuxt.js/commit/0d5dfe71917191c5b07f373896311f2d8f6b75be
Patch
Third Party Advisory
https://github.com/nuxt/nuxt.js/compare/c0776eb...8d14cd4
Release Notes
Third Party Advisory
https://github.com/nuxt/nuxt.js/releases/tag/v2.6.2
Release Notes
Third Party Advisory
https://www.npmjs.com/advisories/814
Third Party Advisory
https://github.com/nuxt/devalue/pull/8
Patch
Third Party Advisory
https://github.com/nuxt/devalue/releases/tag/v1.2.3
Release Notes
Third Party Advisory
https://github.com/nuxt/nuxt.js/commit/0d5dfe71917191c5b07f373896311f2d8f6b75be
Patch
Third Party Advisory
https://github.com/nuxt/nuxt.js/compare/c0776eb...8d14cd4
Release Notes
Third Party Advisory
https://github.com/nuxt/nuxt.js/releases/tag/v2.6.2
Release Notes
Third Party Advisory
https://www.npmjs.com/advisories/814
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nuxtjs:\@nuxt\/devalue:*:*:*:*:*:node.js:*:*

Версия до 1.2.3 (исключая)

cpe:2.3:a:nuxtjs:nuxt.js:*:*:*:*:*:node.js:*:*

Версия до 2.6.2 (исключая)

EPSS

Процентиль: 68%

0.00561

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6677-83pp-f862

CVSS3: 6.1

github

больше 6 лет назад

Cross-Site Scripting in @nuxt/devalue

EPSS

Процентиль: 68%

0.00561

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79