chore(deps): update devdependency nuxt to ^4.4.7 [security]#355
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update devdependency nuxt to ^4.4.7 [security]#355renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
commit: |
renovate
Bot
force-pushed
the
renovate/npm-nuxt-vulnerability
branch
from
ee7172f to
c2bb5a3
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-nuxt-vulnerability
branch
from
c2bb5a3 to
740bab2
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-nuxt-vulnerability
branch
2 times, most recently
from
57db391 to
e8ee8df
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-nuxt-vulnerability
branch
from
e8ee8df to
9791031
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-nuxt-vulnerability
branch
from
9791031 to
6ec54a5
Compare
renovate
Bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^4.4.6→^4.4.7Nuxt: Reflected XSS in
navigateTo()external redirectCVE-2026-45669 / GHSA-fx6j-w5w5-h468
More information
Details
Summary
navigateTo()withexternal: truegenerates a server-side HTML redirect body containing a<meta http-equiv="refresh">tag. The destination URL is only sanitized by replacing"with%22, leaving<,>,&, and'unencoded. An attacker who can influence the URL passed tonavigateTo(url, { external: true })can break out of thecontent="…"attribute and inject arbitrary HTML/JavaScript that executes under the application's origin.This is a different root cause from CVE-2024-34343 (GHSA-vf6r-87q4-2vjf), which addressed
javascript:protocol bypass. The issue here is triggered by any valid URL containing>.Impact
Applications that pass user-controlled input to
navigateTo(url, { external: true })— typically via a?next=/?redirect=query parameter used for post-login or "return to" flows — are vulnerable to reflected cross-site scripting. The injected script runs in the context of the application's origin during the server-rendered redirect response, before the meta-refresh fires.Details
In
packages/nuxt/src/app/composables/router.ts, the SSR redirect path builds an HTML response body with only"percent-encoded in the destination URL:The
Locationheader is normalised throughencodeURL()(which uses theURLconstructor and correctly percent-encodes attribute-significant characters). The HTML body uses a narrower sanitiser. That mismatch is the root cause.Proof of concept
Global middleware that forwards a query parameter to
navigateTo:Request:
Response body:
The
>afterevil.example/xterminates thecontent="…"attribute, and the<img onerror>tag executes JavaScript in the application's origin before any redirectoccurs.
Patches
Fixed in
nuxt@4.4.6andnuxt@3.21.6by #35052. The fix percent-encodes the full set of HTML-attribute-significant characters (&,",',<,>) before interpolating the URL into the meta-refresh bodyWorkarounds
If you can't upgrade immediately, validate user-controlled URLs before passing them to
navigateTo(url, { external: true }). At minimum, normalise throughnew URL(input).toString()and reject inputs containing<or>(a normalised URL with these characters is malformed and safe to refuse).Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt:
__nuxt_islandendpoint does not bind responses to request props, enabling shared-cache poisoningCVE-2026-46342 / GHSA-g8wj-3cr3-6w7v
More information
Details
Summary
The
/__nuxt_island/*endpoint accepts attacker-controlledpropsquery/body parameters and renders any island component without verifying that the URL-resident hash (<Name>_<hashId>.json) was actually issued for those inputs by<NuxtIsland>. The hash is computed and embedded client-side but never validated server-side, so the same path can return materially different responses depending on the query.Island components are documented as rendering independently of route context - page middleware does not apply to them, and they are intentionally cacheable as a function of their props. This advisory does not treat that contract as a vulnerability. It treats the absence of a binding between the URL the cache keys on and the response served at that URL as one.
Impact
In applications where a CDN or reverse-proxy in front of the app caches
/__nuxt_island/*keyed by path only (ignoring query) - a documented misconfiguration class, see GHSA-jvhm-gjrh-3h93 - an attacker can prime the cache for a path with their own choice of props, and subsequent users requesting the same path receive the attacker's rendered HTML rather than the response intended for them. The cache entry persists until normal expiry.Where the affected island has any prop flowing into an unsafe HTML sink in application code (
v-html,innerHTML, a third-party renderer treating a prop as HTML), this becomes stored XSS in the embedding page's origin until the cache entry expires.HttpOnlycookies remain out of reach but anything else in the origin (other cookies, in-origin requests, DOM state) is reachable by the injected script.Preconditions:
experimental.componentIslandsenabled (or the default'auto'with at least one server / island component in the app).Without the second precondition, the response shape is per-request and unaffected. Without the third, the worst case is content-swap / inert HTML injection rather than script execution.
Patches
Patched in
nuxt@4.4.6andnuxt@3.21.6by #35077. The island handler now recomputes the expectedhashIdfrom(name, props, context)using the sameohashfunction<NuxtIsland>already uses to embed the hash in the URL, and rejects requests (HTTP 400) whose URL-resident hash does not match. The response is now a pure function of the request path: a path-keyed shared cache returns the correct response to every requester for that path, and an attacker cannot synthesise a path whose hash matches arbitrary props.Workarounds
For users unable to upgrade immediately:
/__nuxt_island/*on the full query string, not on the path alone. This is the recommended configuration regardless.v-html/innerHTML/ similar HTML sinks; treat island props as untrusted user input.Note on island authentication
A separate advisory addresses
*.server.vuepages registered aspage_<routeName>islands, where the documented "middleware doesn't run for islands" contract collides with the page's owndefinePageMeta({ middleware })declaration in a way that constitutes a genuine bug rather than documented behaviour.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt's route middleware is not enforced when rendering
.server.vuepages via/__nuxt_island/page_*CVE-2026-47200 / GHSA-hg3f-28rg-4jxj
More information
Details
Summary
When
experimental.componentIslandsis enabled (default in Nuxt 4), any.server.vuefile underpages/is automatically registered as a server island under the keypage_<routeName>and exposed via the/__nuxt_island/:nameendpoint. Until this fix, requests through that endpoint rendered the page component directly via the SSR renderer without instantiating Vue Router, which meant route middleware declared on the page (includingdefinePageMeta({ middleware })) did not run.For Nuxt applications that gate a
.server.vuepage behind route middleware as their sole auth check, an unauthenticated attacker could bypass that check by requesting/__nuxt_island/page_<routeName>_<anyhash>directly and receiving the server-rendered HTML.Affected configurations
All three conditions must hold for an application to be vulnerable:
experimental.componentIslandsis enabled (the default in Nuxt 4; opt-in in Nuxt 3)..server.vuefiles underpages/, registering them as routed pages.middleware/*.tsreferenced fromdefinePageMeta), without a server-side check inside the page or its data layer.Applications that enforce auth inside the island's own data layer (server-only API routes,
useRequestEvent+ manual session checks, etc.) were not affected. The general "route middleware does not run for non-page island components" behaviour is documented and unchanged; this advisory concerns the.server.vuepage case specifically, where running middleware is the user's clear expectation.Details
packages/nuxt/src/components/templates.ts):.server.vuepages are registered as island components withpage_prefix, making them addressable through/__nuxt_island/page_<routeName>_<hashId>.packages/nitro-server/src/runtime/handlers/island.ts): the handler resolves the requested island component and renders it viarenderer.renderToString(ssrContext). The Vue Router plugin previously short-circuited middleware execution wheneverssrContext.islandContextwas set.Proof of concept
Given a page
app/pages/secret.server.vue:with
middleware/auth.tsblocking unauthenticated access:Patches
Patched in
nuxt@4.4.6andnuxt@3.21.6by #35092. The Vue Router plugin now runs middleware and redirect handling forpage_*islands (i.e. islands that originate from.server.vuefiles inpages/). The island handler propagates middleware-issued responses (~renderResponse), and a newbeforeResolveguard returns HTTP 400 when the requestedpage_<name>does not match the route component the URL resolves to.Non-page island components are unaffected - they continue to render without route middleware, by design.
Workarounds
If you cannot upgrade immediately:
.server.vuepage itself, not via route middleware. Read the session fromuseRequestEvent()andthrow createError({ statusCode: 401 })(or redirect) before returning data. This is the recommended pattern for islands regardless of this advisory.experimental.componentIslandsif your app does not use the feature./__nuxt_island/page_*URL prefix at your reverse proxy or in a server middleware.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt: Dev server discloses project absolute path and persistent workspace UUID via
/.well-known/appspecific/com.chrome.devtools.jsonGHSA-rq7w-g337-39qq
More information
Details
Summary
When running
nuxt dev, Nuxt registers an unauthenticated route at/.well-known/appspecific/com.chrome.devtools.jsonthat returns the absolute filesystem path of the project root and a per-project UUID persisted tonode_modules/.cache/nuxt/chrome-workspace.json. The route is enabled by default viaexperimental.chromeDevtoolsProjectSettings: true.The endpoint exists to let Chrome DevTools' Workspace integration map sources to the developer's local checkout. The handler is registered directly on
nitro.options.devHandlersand does not pass through the CORS / origin wrapper that the rest of the dev pipeline uses, so it has no host / origin /Sec-Fetch-Sitecheck of its own.Impact
Dev-server only. Production builds do not register the route.
Two values are disclosed:
workspace.root: the absolute filesystem path of the project (commonly reveals the OS username and the on-disk project name).workspace.uuid: a v4 UUID persisted tonode_modules/.cache/nuxt/chrome-workspace.json, stable across dev-server restarts and re-clones.Threat model
The response carries no
Access-Control-Allow-Originheader. A cross-originfetch()from an arbitrary malicious page is therefore blocked by the browser's same-origin policy and cannot read the body. The two realistic recovery paths are:nuxt dev --host(or otherwise binds to a non-loopback interface). A plaincurl http://<dev-lan-ip>:3000/.well-known/appspecific/com.chrome.devtools.jsonreturns the JSON; no browser, no CORS.127.0.0.1after the TTL; the browser believes the request is same-origin and reads the response.Affected versions
nuxt@4.0.0-alpha.1(PR #32084) throughnuxt@4.4.6.3.xis not affected.Reproduction
npx nuxt dev curl -s http://localhost:3000/.well-known/appspecific/com.chrome.devtools.json ##### {"workspace":{"uuid":"...","root":"/Users/<name>/..."}}Workaround
Set
experimental: { chromeDevtoolsProjectSettings: false }innuxt.config.ts. Chrome DevTools' Workspace auto-integration will stop working; the dev server is otherwise unaffected.Patches
Fixed in
nuxt@4.4.7by #35201 (commit55c75b78). The handler is now routed through the same host / origin gate the rest of the dev server uses, so the endpoint only responds to requests that look local.Severity
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt: URL-handling weaknesses in
navigateToandreloadNuxtApp: SSR open redirect, client-side script execution via theopenoption, and protocol-relative bypass inreloadNuxtAppGHSA-c9cv-mq2m-ppp3
More information
Details
Summary
Three weaknesses in Nuxt's client-navigation URL handling, all reachable
from documented public APIs (
navigateToandreloadNuxtApp):SSR open redirect in
navigateTovia path-normalisation bypass.navigateTodecided whether a target was external by inspecting the rawinput with
hasProtocol(..., { acceptRelative: true }). Inputs such as/..//evil.com,/.//evil.com,/%2e%2e//evil.com, or/app/..//evil.comslipped past that check because they start with/, but WHATWG URL parsing then normalised them to theprotocol-relative pathname
//evil.com. The normalised value waswritten to the
Locationresponse header and into the<meta http-equiv="refresh">body of the SSR redirect page, so avictim's browser would resolve the redirect cross-origin to the
attacker's host.
Client-side script execution via
navigateTo({ open: ... }). Theclient-side early-open handler called
window.open(toPath, ...)withoutapplying the
isScriptProtocolcheck that gates the normalnavigateTopath. A target of
javascript:...(or another script-capable scheme)passed to
navigateTo(url, { open: { ... } })therefore executed in theapplication's origin instead of being rejected.
Open redirect in
reloadNuxtAppvia protocol-relative bypass.reloadNuxtApp({ path })rejects script-capable protocols by parsingthe path with
new URL(path, window.location.href)and checking theresolved
protocolagainstisScriptProtocol. Protocol-relative pathssuch as
//evil.comresolve to the current page's protocol (https:),which passes that check; the value is then assigned to
window.location.href, which the browser treats as a cross-originredirect. This is the same protocol-relative bypass family as (1), in
a different sink.
Impact
For (1), the practical risk is phishing or OAuth-code theft against any
Nuxt app that forwards user-controlled input (for example a
?next=query parameter on a login route) into
navigateToon the server. Theframework documents that
navigateToblocks external hosts unlessexternal: trueis passed, so maintainers commonly rely on it as thesafe path for post-login redirects.
For (2), any app that passes a user-controlled URL into
navigateTo(url, { open: { ... } })was vulnerable to reflected XSS inthe application's first-party origin.
For (3), any app that forwards user-controlled input into
reloadNuxtApp({ path })could be redirected cross-origin for phishingor OAuth-code theft, even on releases that already shipped the
isScriptProtocolguard added by #35115.Patches
Fixed in
nuxt@4.4.7and backported tonuxt@3.21.7. The three sinksare addressed by:
navigateTo:2cce6fb01f2dd5e7navigateTo({ open })script-protocol guard:3394716d)62fc32edreloadNuxtApp:e447a7936497d99dWorkarounds
navigateTo,for example reject any input where
new URL(target, 'http://localhost').pathnamestarts with//, oronly accept a known allow-list of paths.
allow-list (typically just
http:andhttps:) before passing it tonavigateTo({ open: ... }).//(or wherenew URL(path, window.location.href).host !== window.location.host)before passing to
reloadNuxtApp({ path }).References
Credits
Reported by Anthropic / Claude as
ANT-2026-S08HN6DHthrough Anthropic'scoordinated vulnerability disclosure programme.
The
reloadNuxtAppprotocol-relative bypass (sink 3) was independentlyreported by @alcls01111 via GitHub's
coordinated disclosure flow (
GHSA-w7fp-2cfv-4837), closed as aduplicate of this advisory.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:L/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher
CVE-2026-53721 / GHSA-mm7m-92g8-7m47
More information
Details
Impact
Nuxt looks up
routeRulesfor the current navigation by callinggetRouteRules({ path: to.path })from the page-router plugin and theno-pages router plugin. The compiled
routeRulesmatcher (built onrou3) performs case-sensitive matching, while vue-router is configuredwith its default
sensitive: falseand matches paths case-insensitively.The two routers therefore disagree on which rules apply to a given
request path: vue-router still matches the page record for
/Admin/dashboard, but therouteRuleslookup for the same pathreturns no match. Any
appMiddlewaredeclared viarouteRulesis neveradded to the middleware set and never runs, on both SSR and client
navigations. The same path skips other path-keyed route rules in the
same way (
ssr,redirect,appLayout, and the prerender / payloadhints used client-side).
For applications using
routeRuleswithappMiddlewareas anauthorization gate (a documented pattern), an attacker can flip the case
of any static segment in a protected URL (for example
/Admin/dashboardinstead of
/admin/dashboard) to render the protected page with themiddleware skipped. The server returns the fully server-rendered page
including any
useFetch/useAsyncDataresults captured during SSR.This is an instance of CWE-178 (Improper Handling of Case Sensitivity)
leading to CWE-863 (Incorrect Authorization) for apps that treat
appMiddlewareas an authorization boundary.Mitigating factors
routeRules.appMiddleware. The moreidiomatic
definePageMeta({ middleware })is bound to the matchedroute record and is unaffected.
server-side auth boundary; well-built apps enforce authorization
again at the API / data-fetching layer.
router.options.sensitive = trueare notaffected.
Patches
Fixed in
nuxt@4.4.7(commit07e39cd6) and backported tonuxt@3.21.7(commit3f3e3fa7). The fix normalizes the path used forrouteRuleslookups so it matches vue-router's default case-insensitive semantics.Workarounds
Until you can upgrade, you can mitigate by either:
router.options.sensitive = trueso vue-router matchescase-sensitively (this changes route-matching behaviour app-wide).
routeRules.appMiddlewareand onto
definePageMeta({ middleware: [...] })on the protectedpage components, which is bound to the matched record.
should be doing in any case).
Credit
Reported by Anthropic / Claude through Anthropic's coordinated
vulnerability disclosure process. Reference: ANT-2026-9FSEBYMC.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt dev server vite-node IPC socket is world-connectable on Linux
GHSA-534h-c3cw-v3h9
More information
Details
Impact
When running
nuxt devon Linux (Node.js 20+, outside Docker / StackBlitz), Nuxt's internal vite-node IPC server binds to a Linux abstract-namespace Unix socket (\0nuxt-vite-node-<pid>-<ts>.sock). Abstract sockets have no filesystem inode and therefore no permission bits: any local UID on the host that can read/proc/net/unixcan enumerate the socket and connect to it.The IPC server does not perform any peer-credential or shared-secret check before dispatching requests. The
modulerequest type passes itsmoduleIdfield straight into Vite's SSRfetchModule(), which is not gated by Vite's HTTP-layerserver.fs.allowdeny-list. A co-resident unprivileged local user can therefore request paths like/home/<dev>/project/.env?rawor~/.ssh/id_rsa?rawand read the developer's secrets through the dev server's SSR plugin pipeline. Theresolverequest type additionally enables filesystem probing.This affects developers running
nuxt devon shared multi-tenant Linux hosts (lab machines, shared bastions, CI runners shared between jobs without per-job container isolation). It does not affect:nuxt build/nuxt start). The IPC server only runs in development.Patches
Fixed in
nuxt@4.4.7(commit1f9f4767) and backported tonuxt@3.21.7(commitc293bf95).The fix removes the abstract-namespace branch entirely. The IPC server now always binds to a filesystem Unix socket under the OS temp directory and explicitly
chmod 0600s it afterlisten(), restricting connections to the owning UID. If the chmod fails for any reason, the server closes rather than serve requests on an unrestricted channel.Workarounds
If you cannot upgrade immediately on an affected host:
nuxt devinside a container or VM with no other tenants. Docker already triggers the filesystem-socket fallback in vulnerable versions and that fallback is unaffected.unshare -U, rootless containers)./proc/net/unixvisibility viahidepid=2mount options where applicable, though this is partial mitigation only.References
packages/vite/src/plugins/vite-node.tsCredit
Reported by Anthropic / Claude as part of Anthropic's coordinated vulnerability disclosure programme, reference ANT-2026-MSNKZFAT. Thanks to the Anthropic security team for the report and the detailed reproduction.
Independently reported by @alcls01111 via GitHub's coordinated disclosure flow (
GHSA-5gvc-46gq-948j), closed as a duplicate of this advisory.Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Nuxt: Reflected XSS in
<NuxtLink>via unsanitisedjavascript:ordata:URLCVE-2026-53722 / GHSA-934w-87qh-qr26
More information
Details
Summary
<NuxtLink>did not validate the URL scheme of values bound to itstoorhrefprops before rendering them into thehrefattribute of the underlying<a>element. When an application binds attacker-controlled input (a query parameter, a CMS field, a user-supplied profile URL) to<NuxtLink :to>or:href, the attacker can supply ajavascript:orvbscript:URL that is reflected verbatim into the rendered markup. Clicking the link executes the supplied script in the origin of the Nuxt application, resulting in reflected DOM-based cross-site scripting. Adata:text/html,...payload reflected through the same sink does not execute in the application's origin but enables a same-tab phishing surface anchored to a legitimate application link.The same value was exposed to consumers of the component's
customslot via thehrefandroute.hrefprops, so applications that re-bind those values to their own anchors were affected identically.Unlike the previously reported
navigateToissue (CVE-2024-34343), the sink here is the rendered anchor itself; the existingisScriptProtocolchecks innavigateToandreloadNuxtAppare not on the code path. TheonClickhandler intentionally returns early for external links so the browser's native protocol-based navigation runs.Affected component
packages/nuxt/src/app/components/nuxt-link.tsh('a', { href: href.value, ... })in the default render, plus thehref/route.hrefprops passed to thecustomslot.hasProtocol(path, { acceptRelative: true })value as an "external link", then rendered the value directly as<a href>without rejecting script-capable protocols. There was no equivalent of thenavigateToisScriptProtocol(protocol)gate in this path.Impact
Any Nuxt application that binds user-controlled values to
<NuxtLink :to>/:hrefwas vulnerable. Common shapes: profile-link rendering (<NuxtLink :to="user.website">), "share this" / "open in new tab" handlers that pass through a query parameter, CMS-driven landing pages that render<NuxtLink :to="cms.cta.url">, and marketplace listings that show seller-supplied links.For
javascript:/vbscript:the primitive is reflected XSS in the application's first-party origin (session theft for non-HttpOnlycookies, CSRF token theft, account takeover via DOM rewriting, credential harvesting via fake login overlays). Fordata:text/html,...the attacker gets a same-tab phishing surface anchored to a legitimate application link.Patches
Fixed in
nuxt@4.4.7(commit0103ce06) and backported tonuxt@3.21.7(commit53284043). The fix sanitises the resolved externalhrefbefore it is passed to<a>or thecustomslot: control characters and whitespace are stripped, leadingview-source:prefixes are unwrapped, and any remaining script-capable scheme (perisScriptProtocol) causes thehrefto be replaced with an empty string.Workarounds
Until you can upgrade, validate URLs at the source before binding them to
<NuxtLink :to>/:href. For example, only accept paths that start with/(and not//), or run user-supplied URLs throughnew URL(value)and reject anything whoseprotocolis not in an allow-list (typicallyhttp:andhttps:).Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Cross-site scripting via slot content in Nuxt's head components
GHSA-m3q2-p4fw-w38m
More information
Details
Impact
Nuxt's globally registered
<NoScript>component (from@unhead/vuehead components, re-exported by Nuxt) wrote its default-slot content to theinnerHTMLof the<noscript>head tag, bypassing the HTML escaping that{{ }}interpolation normally applies in Vue templates.Applications that placed untrusted, attacker-controllable data inside a
<NoScript>slot, for example:would emit that value unescaped inside
<noscript>in the server-rendered HTML. With scripting enabled, the HTML parser treats<noscript>content in<head>under the "in head noscript" insertion mode: any tag other thanlink,meta,noframes, orstyleimplicitly closes<noscript>and is re-processed in the head. A payload such as<script>...</script>therefore escapes the element and executes in the document context.Sibling head components (
<Style>,<Title>) were not affected because they already routed slot text through the safetextContentpath.Affected versions
All currently supported versions of
nuxtthat ship the<NoScript>global component.Patches
Fixed in
nuxt@4.4.7(commit4b054e9d) and backported tonuxt@3.21.7(commit7fea9fd6). The fix escapes<NoScript>slot content withescapeHtmlfrom@vue/sharedand writes it totextContentrather thaninnerHTML. Slot content is now rendered as text; intentional markup inside<NoScript>is no longer parsed as HTML.Workarounds
Until you can upgrade:
<NoScript>slots. Replace<NoScript>{{ x }}</NoScript>with a static string, or sanitise / HTML-escapexat the source.useHead({ noscript: [{ textContent: escapedValue }] })after escapingescapedValue.Credit
Reported to Anthropic's coordinated vulnerability disclosure pipeline by Claude (Anthropic's AI assistant) and triaged by the Anthropic security team. Reference: ANT-2026-4NJYDFFM.
Independently reported by @alcls01111 via GitHub's coordinated disclosure flow (
GHSA-8grp-wcq9-925q), closed as a duplicate of this advisory.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
nuxt/nuxt (nuxt)
v4.4.7Compare Source
👉 make sure to check https://github.com/nuxt/nuxt/security/advisories to view open advisories resolved by this release.
👉 Changelog
compare changes
🩹 Fixes
noSSRbefore deciding payload extraction (#35108)allowDirs(#35112)pathefor buildCache path boundary check (#35111)isValidin dev clipboard-copy listener (#35109)reloadNuxtApppath before reload (#35115)getCachedDataafter initial fetch (#35122)useFetch/useAsyncDatafactory types (#35133)isScriptProtocolguard tonavigateToopen option (#35206)<NuxtPage>(#35198)<NuxtClientFallback>ssr output (#35199).d.mts/.d.ctsinresolveTypePaths(#35235)<NoScript>slot content (4b054e9d9)vue-router(07e39cd6f)<NuxtLink>href (0103ce06f)navigateTo(2cce6fb02)reloadNuxtApp(e447a793c)💅 Refactors
es2023array methods (#34980)runInNewContextwith AST walker (d72a89ef4)📖 Documentation
🏡 Chore
execFileSyncfor safety in release scripts (1d7baaf01)✅ Tests
🤖 CI
❤️ Contributors
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.