{"vulnerability": "GHSA-VG6X-RCGG-RJX6", "sightings": [{"uuid": "86da005a-4dc8-4597-b30c-24b35cd6c4d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-vg6x-rcgg-rjx6", "type": "seen", "source": "https://bsky.app/profile/azu.bsky.social/post/3li524bluem26", "content": "", "creation_timestamp": "2025-02-14T10:55:50.248974Z"}, {"uuid": "9600374f-9982-4e55-a255-562023b2f535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-VG6X-RCGG-RJX6", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24360\n\ud83d\udd39 Description: Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability.\n\ud83d\udccf Published: 2025-01-25T00:49:09.783Z\n\ud83d\udccf Modified: 2025-01-25T00:49:09.783Z\n\ud83d\udd17 References:\n1. https://github.com/nuxt/nuxt/security/advisories/GHSA-2452-6xj8-jh47\n2. https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6\n3. https://github.com/nuxt/nuxt/pull/23995\n4. https://github.com/nuxt/nuxt/commit/7eeb910bf4accb1e0193b9178c746f06ad3dd88f\n5. https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263\n6. https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39", "creation_timestamp": "2025-01-25T01:05:10.000000Z"}, {"uuid": "4c14309f-dbb0-4b41-b7bb-ece4beec87c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-vg6x-rcgg-rjx6", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861495371199240", "content": "", "creation_timestamp": "2025-01-20T15:55:41.023196Z"}, {"uuid": "38acfff2-9451-4536-847e-674c9f9e94c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-vg6x-rcgg-rjx6", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113886275645982803", "content": "", "creation_timestamp": "2025-01-25T00:57:37.906468Z"}, {"uuid": "ed4abf8d-c2b3-451d-a2d0-169a31a610c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-VG6X-RCGG-RJX6", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2362", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24010\n\ud83d\udd39 Description: Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.\n\ud83d\udccf Published: 2025-01-20T15:53:30.929Z\n\ud83d\udccf Modified: 2025-01-20T15:53:30.929Z\n\ud83d\udd17 References:\n1. https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6", "creation_timestamp": "2025-01-20T16:01:41.000000Z"}]}