SSRF in Nuxt Icon

CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path i…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.006 (46.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-42352?
CVE-2024-42352 is a high-severity vulnerability in Nuxt Icon, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.6/10. Published 2024-08-05.
How severe is CVE-2024-42352?
High severity. CVSS v3 base score is 8.6 out of 10.