Slow Fog: A case of remote code execution vulnerability attack in Nuxt.js, please upgrade promptly
ChainCatcher news, according to a tweet from SlowMist, the Nuxt.js remote code execution vulnerability (CVE-2023-3224) PoC has been made public on the internet, and there have been cases of attacks. Nuxt.js is a lightweight application framework based on Vue.js, used to create server-side rendered (SSR) applications, and can also serve as a static site engine to generate static site applications, featuring elegant code structure layering and hot reloading.There is a code injection vulnerability in Nuxt, which allows remote unauthorized attackers to inject malicious code and gain access to the target server's permissions when the server is started in development mode. Versions Nuxt == 3.4.0, Nuxt == 3.4.1, and Nuxt == 3.4.2 are all affected. Many platforms in the cryptocurrency industry use this solution to build front-end and back-end services, so please be aware of the risks and upgrade Nuxt to version 3.4.3 or above. (Source link)