CVE-2024-34343

6.3 MEDIUM

📋 TL;DR

This vulnerability in Nuxt's navigateTo function allows cross-site scripting (XSS) because its blocking of the javascript: protocol can be bypassed. An attacker can inject JavaScript that executes in users' browsers once the page has been server-side rendered. All Nuxt applications on affected versions are exposed to this client-side XSS.

💻 Affected Systems

Products:
  • Nuxt
Versions: All versions before 3.12.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only impacts applications after SSR (server-side rendering) has occurred. Does not affect javascript: protocol in location headers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full account takeover, session hijacking, credential theft, and complete client-side compromise through malicious JavaScript execution in users' browsers.

🟠 Likely Case

Session hijacking, credential theft, and client-side data exfiltration through XSS payloads delivered via manipulated URLs.

🟢 If Mitigated

Limited impact with proper Content Security Policy (CSP) headers and input validation, though XSS may still occur in certain scenarios.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking malicious link) but is straightforward with publicly available techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.12.4

Vendor Advisory: https://github.com/nuxt/nuxt/security/advisories/GHSA-vf6r-87q4-2vjf

Restart Required: Yes

Instructions:

1. Update package.json to specify "nuxt": "^3.12.4".
2. Run 'npm update nuxt' or 'yarn upgrade nuxt'.
3. Restart the Nuxt application server.
4. Verify the update with 'npm list nuxt' or 'yarn list nuxt'.

🔧 Temporary Workarounds

No workarounds available

The vendor advisory states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to block inline JavaScript execution
  • Add additional input validation and sanitization for all URL parameters and user inputs

🔍 How to Verify

Check if Vulnerable:

Check package.json for Nuxt version below 3.12.4 or run 'npm list nuxt' / 'yarn list nuxt' to see installed version

Check Version:

npm list nuxt | grep nuxt || yarn list nuxt | grep nuxt

Verify Fix Applied:

Confirm Nuxt version is 3.12.4 or higher using 'npm list nuxt' or 'yarn list nuxt'

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL patterns with javascript: protocol attempts
  • Multiple failed URL parsing attempts
  • Client-side error logs containing script execution errors

Network Indicators:

  • HTTP requests containing javascript: protocol in parameters
  • Unusual redirect patterns with encoded whitespace characters

SIEM Query:

web.url CONTAINS 'javascript:' OR web.url CONTAINS '%0A' OR web.url CONTAINS '%09'
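As an added detection example (not from the advisory or the Nuxt project), the following Node.js script applies the indicators above to constructed access-log lines: it percent-decodes each query parameter and strips whitespace/control characters before testing for a javascript: scheme, so encoded-whitespace variants are caught while an ordinary search term such as 'javascript tutorial' is not flagged. The log format, the parameter names and the sample requests are assumptions made for this illustration.

```javascript
// Constructed sample access-log lines (combined format); not real traffic.
const SAMPLE_LOG = [
  '203.0.113.10 - - [05/Aug/2024:10:00:01 +0000] "GET /login?redirect=/dashboard HTTP/1.1" 200',
  '203.0.113.11 - - [05/Aug/2024:10:00:02 +0000] "GET /login?redirect=%0Ajavascript:1 HTTP/1.1" 302',
  '203.0.113.12 - - [05/Aug/2024:10:00:03 +0000] "GET /login?redirect=java%09script:1 HTTP/1.1" 302',
  '203.0.113.13 - - [05/Aug/2024:10:00:04 +0000] "GET /search?q=javascript%20tutorial HTTP/1.1" 200',
  '203.0.113.14 - - [05/Aug/2024:10:00:05 +0000] "GET /login?redirect=https://example.com HTTP/1.1" 200',
];

// Normalise a parameter value before looking at its scheme: repeatedly
// percent-decode (bounded, to handle double encoding), then drop every ASCII
// control character and space. Browsers strip tab/newline and trim leading
// controls when parsing URLs; removing all of them is a deliberately broad
// superset that suits detection rather than exact URL-spec emulation.
function normalizeForScheme(value) {
  let decoded = value;
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(decoded); } catch { break; } // malformed escape: stop
    if (next === decoded) break;
    decoded = next;
  }
  return decoded.replace(/[\u0000-\u0020]/g, '').toLowerCase();
}

function isJavascriptScheme(value) {
  return /^javascript:/.test(normalizeForScheme(value));
}

// Pull the request target out of one log line and return the names of any
// query parameters whose normalised value starts with "javascript:".
function suspiciousParams(logLine) {
  const m = logLine.match(/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/);
  if (!m) return [];
  // The base host is a placeholder; it exists only so relative paths parse.
  const url = new URL(m[1], 'http://placeholder.invalid');
  const hits = [];
  for (const [name, raw] of url.searchParams) { // searchParams already decodes once
    if (isJavascriptScheme(raw)) hits.push(name);
  }
  return hits;
}

// Scan a whole log and report line numbers plus the offending parameters.
function scanLog(lines) {
  return lines
    .map((line, i) => ({ line: i + 1, params: suspiciousParams(line) }))
    .filter((r) => r.params.length > 0);
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG))); // lines 2 and 3, parameter "redirect"
```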
