CVE-2019-13506 Information

Feb 14, 2021 cve

Description

@nuxt/devalue before 1.2.3 as used in Nuxt.js before 2.6.2 mishandles object keys leading to XSS.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/nuxt/devalue/pull/8 https://github.com/nuxt/devalue/releases/tag/v1.2.3 https://github.com/nuxt/nuxt.js/commit/0d5dfe71917191c5b07f373896311f2d8f6b75be https://github.com/nuxt/nuxt.js/compare/c0776eb…8d14cd4 https://github.com/nuxt/nuxt.js/releases/tag/v2.6.2 https://www.npmjs.com/advisories/814

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: