misleading vulnerability report for Nuxt 2.17: code Injection vulnerability CVE-2023-3224 #21694
Labels
Comments
|
This report does not apply to Nuxt 2. |
danielroe
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Environment
System:
OS: Windows 10 10.0.22621
CPU: (8) x64 AMD Ryzen 5 3400G with Radeon Vega Graphics
Memory: 20.23 GB / 31.91 GB
Binaries:
Node: 18.16.0 - C:\Program Files\nodejs\node.EXE
npm: 9.7.1 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: Spartan (44.22621.1848.0), Chromium (114.0.1823.51)
Internet Explorer: 11.0.22621.1
npmPackages:
@nuxt/content: ^1.15.1 => 1.15.1
nuxt: ^2.17.0 => 2.17.0
Reproduction
Dependabot alerts notice all my nuxt 2 projects with this vulnerability
Describe the bug
nuxt Code Injection vulnerability GHSA-gc34-5v43-h7v8
The "fix" is upgrade nuxt to 3.4.3
Additional context
No response
Logs
No response
The text was updated successfully, but these errors were encountered: