SCA: security update for nuxt (GHSA-vf6r-87q4-2vjf)

medium Tenable Self-Hosted Container Security Plugin ID 419281

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js.
The `navigateTo` function attempts to block the `javascript:` protocol, but does not correctly use APIs
provided by `unjs/ufo`. This library also contains parsing discrepancies. The function first tests to see
if the specified URL has a protocol. This uses the unjs/ufo package for URL parsing. This function works
effectively, and returns true for a javascript: protocol. After this, the URL is parsed using the parseURL
function. This function will refuse to parse poorly formatted URLs. Parsing javascript:alert(1) returns
null/"" for all values. Next, the protocol of the URL is checked using the isScriptProtocol function.
This function simply checks the input against a list of protocols, and does not perform any parsing. The
combination of refusing to parse poorly formatted URLs and not performing additional parsing means that
the script checks fail, as no protocol can be found. Even if a protocol was identified, whitespace is not
stripped in the parseURL implementation, bypassing the isScriptProtocol checks. Certain special protocols
are identified at the top of parseURL. Inserting a newline or tab into this sequence will block the
special protocol check, and bypass the latter checks. This ONLY has impact after SSR has occurred; the
`javascript:` protocol within a location header does not trigger XSS. This issue has been addressed in
release version 3.12.4 and all users are advised to upgrade. There are no known workarounds for this
vulnerability. (CVE-2024-34343)
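
A defensive check for the parsing discrepancy described above, as an added example that is not Nuxt or unjs/ufo code. The function names, the protocol lists and the sample inputs are assumptions constructed for illustration; the point is to normalize the way a browser does before deciding on the scheme, and to allowlist rather than blocklist.

```javascript
// Added example: hypothetical helpers, not the Nuxt or unjs/ufo implementation.
// Constructed lists for illustration only.
const SCRIPT_PROTOCOLS = new Set(["javascript:", "data:", "vbscript:"]);
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Weak pattern: compare the raw, unnormalized prefix against a list.
// Whitespace or control characters inside the prefix make the lookup miss.
function naiveIsScript(input) {
  const m = /^([^:]*:)/.exec(input);
  return m !== null && SCRIPT_PROTOCOLS.has(m[1]);
}

// Scheme as a browser will see it. The WHATWG URL parser strips leading and
// trailing C0 control characters and spaces, then removes every ASCII tab,
// LF and CR anywhere in the input, before it looks for the scheme.
function browserScheme(input) {
  const cleaned = String(input)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() + ":" : null;
}

// Allowlist decision: no scheme means a relative target, an allowlisted
// scheme passes, everything else (script protocols included) is blocked.
function classifyTarget(input) {
  const scheme = browserScheme(input);
  if (scheme === null) return "relative";
  return ALLOWED_PROTOCOLS.has(scheme) ? "allowed" : "blocked";
}

// Constructed sample inputs, using the payload form quoted in the advisory.
const samples = [
  "/dashboard",
  "https://example.com/",
  "javascript:alert(1)",
  "java\nscript:alert(1)",
  " \tJavaScript:alert(1)",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "naive:", naiveIsScript(s),
    "normalized:", classifyTarget(s));
}
```

The naive check flags only the first, well-formed `javascript:` sample, while the normalized classifier blocks all three; upgrading to 3.12.4 remains the fix the advisory gives.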

See Also

https://github.com/advisories/GHSA-vf6r-87q4-2vjf

Plugin Details

Severity: Medium

ID: 419281

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 9.14

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2024-34343

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.1

Threat Score: 2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/5/2024

Vulnerability Publication Date: 8/5/2024

Reference Information

CVE: CVE-2024-34343