shipfeedAI news, curated daily


CVE-2025-52662: XSS on Nuxt DevTools

Nuxt DevTools releases version 2.6.4 to fix CVE-2025-52662, a medium-severity XSS flaw that could allow auth token extraction and remote code execution in development environments.

Nov 6 · 1 source · updated Nov 6

A medium-severity security vulnerability in Nuxt DevTools was responsibly disclosed and has been fixed in version 2.6.4. Under certain configurations, this issue may have allowed extraction of the Nuxt auth token via XSS. Nuxt DevTools users are encouraged to upgrade to the latest version. Read more details below.

A vulnerability chain in Nuxt DevTools allows remote code execution in development environments through a combination of cross-site scripting (XSS), authentication token exfiltration, and path traversal. The vulnerability exists in the DevTools authentication page, where error messages are rendered without proper sanitization, enabling DOM-based XSS.

An attacker can exploit this to steal authentication tokens and then leverage a path traversal vulnerability in the WebSocket message handler to write arbitrary files outside the intended directory, leading to remote code execution when configuration files are overwritten. The XSS was resolved by displaying errors as textContent instead of innerHTML in: Thanks to @yuske for responsible disclosure. Workaround: avoid publicly exposing Nuxt DevTools or running Nuxt…
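The fix described above, innerHTML replaced by textContent, is the whole difference between a DOM-based XSS sink and a safe one. The following is an added example written for this page, not code from Nuxt DevTools: it shows the vulnerable pattern beside the hardened one, plus an escaping helper and a unit-test guard for the cases where an HTML string must still be assembled. The function names and the sample error message are constructed for the demonstration.

```javascript
// Added example (not Nuxt DevTools code): a DOM-based XSS sink and its fix.
// Names and the sample message below are constructed for this demonstration.

// Constructed untrusted error string: anything that reaches an error display
// must be assumed attacker-influenced, so it may carry markup and a handler.
const UNTRUSTED_ERROR =
  'Invalid token <img src=x onerror="/* attacker-controlled script */">';

// Vulnerable pattern: innerHTML parses the string as HTML, so the <img> element
// is created and its onerror handler runs with the page's origin and storage.
function renderErrorUnsafe(el, message) {
  el.innerHTML = message; // sink: markup in the message is interpreted
  return el;
}

// Hardened pattern (the fix the advisory describes): textContent stores the
// string as a single text node, so '<' and '>' are displayed, never parsed.
function renderErrorSafe(el, message) {
  el.textContent = message; // no HTML parsing takes place
  return el;
}

// When an HTML string must be built (templates, server-side rendering), escape
// the five characters that can change HTML structure before interpolating.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Defender check for unit tests: would this string open a tag if it reached
// an HTML sink? True for a raw '<' followed by a tag name, '!' or '/'.
function containsTag(s) {
  return /<\s*[a-z!\/]/i.test(s);
}

// Safe string-building variant of the error display.
function buildErrorHtml(message) {
  return `<p class="error">${escapeHtml(message)}</p>`;
}

// Browser-only demo: paste into a page to compare the two sinks side by side.
// The unsafe div gets one child element (<img>); the safe div gets none.
if (typeof document !== 'undefined') {
  const unsafeDiv = document.createElement('div');
  const safeDiv = document.createElement('div');
  renderErrorUnsafe(unsafeDiv, UNTRUSTED_ERROR);
  renderErrorSafe(safeDiv, UNTRUSTED_ERROR);
  console.log('unsafe sink created elements:', unsafeDiv.children.length);
  console.log('safe sink created elements:', safeDiv.children.length);
}
```

The `containsTag` guard is the kind of assertion to put in a test for any component that renders server- or user-supplied strings: run it over every value about to hit an HTML sink, and a failing test tells you an `innerHTML`-style path has crept back in.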

read full article on vercel.com
Sources: 1 publication
  1. vercel.com: CVE-2025-52662: XSS on Nuxt DevTools (primary)