Nuxt Framework - Remote Code Execution CVE-2023-3224

Nuxt Framework is affected by a Remote Code Execution vulnerability inside the nuxt-root.vue component. The root cause of this vulnerability is improper sanitization of user-provided input in the URL by accessing /__nuxt_component_test__/ endpoint. This allows an unauthenticated malicious attacker to execute commands on the Node.js server.

The risk exists that a remote unauthenticated attacker can fully compromise the Node.js server in order to steal confidential information, install ransomware or pivot to the internal network.

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Update the Nuxt Framework to one of the currently fixed versions: 3.5.4.