{"uuid": "a354b7ec-7bd9-4855-9079-58cc2ae69007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-534h-c3cw-v3h9", "type": "seen", "source": "https://gist.github.com/alon710/c72d8ccc2ba2b93c204ffeec4b0037ef", "content": "# GHSA-534H-C3CW-V3H9: GHSA-534h-c3cw-v3h9: Local Information Disclosure via Abstract-Namespace Socket in Nuxt Dev Server\n\n> **CVSS Score:** 5.5\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/GHSA-534H-C3CW-V3H9\n\n## Summary\nA local security vulnerability in the Nuxt development server (nuxt dev) allows local unprivileged users to access sensitive configuration files and source code. On Linux environments running Node.js 20+, Nuxt bound its internal vite-node IPC server to an abstract-namespace Unix socket without any peer authentication, enabling co-resident local users to connect and request module code directly.\n\n## TL;DR\nNuxt dev server's use of abstract-namespace Unix sockets on Linux allowed unauthorized local users to connect to the internal IPC server and extract sensitive developer files (such as .env files) without authentication.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-276\n- **Attack Vector**: Local\n- **Attack Complexity**: Low\n- **Privileges Required**: Low\n- **User Interaction**: None\n- **Scope**: Unchanged\n- **Confidentiality Impact**: High\n- **Exploit Status**: Proof of Concept\n\n## Affected Systems\n\n- Nuxt Development Framework\n- **nuxt**: >= 4.0.0, < 4.4.7 (Fixed in: `4.4.7`)\n- **nuxt**: >= 3.18.0, < 3.21.7 (Fixed in: `3.21.7`)\n\n## Mitigation\n\n- Update the nuxt dependency in package.json to the latest secure release.\n- Containerize the development environment using Docker or Podman to isolate Unix network namespaces.\n- Configure host system process boundaries (e.g., hidepid mount options) to prevent unprivileged socket enumeration.\n\n**Remediation Steps:**\n1. Run `npm update nuxt` or `yarn upgrade nuxt` to update the dependency to version 4.4.7+ or 3.21.7+.\n2. Verify your node modules contain the patched code in packages/vite/dist/index.mjs.\n3. Avoid running local dev environments on multi-tenant systems without strict containerization.\n\n## References\n\n- [GitHub Security Advisory GHSA-534h-c3cw-v3h9](https://github.com/advisories/GHSA-534h-c3cw-v3h9)\n- [Nuxt Security Advisory](https://github.com/nuxt/nuxt/security/advisories/GHSA-534h-c3cw-v3h9)\n- [Nuxt main patch commit (v4 branch)](https://github.com/nuxt/nuxt/commit/1f9f4767a8725104da9bee872bb8d35246f25ae5)\n- [Nuxt backport patch commit (v3 branch)](https://github.com/nuxt/nuxt/commit/c293bf9503ccb3bc9559bff4a1f592f99063c9ea)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-534H-C3CW-V3H9) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T18:01:13.000000Z"}