According to SlowMist, a PoC for the Nuxt.js remote code execution vulnerability (CVE-2023-3224) has been made public on the Internet, and attack cases have already appeared. Nuxt.js is a lightweight application framework based on Vue.js that can be used to create server-side rendering (SSR) applications, and can also act as a static site engine to generate static site applications. Its features include cleanly layered code structure and hot loading.
Nuxt contains a code injection vulnerability. When the server is started in development mode, a remote, unauthenticated attacker can exploit it to inject malicious code and gain privileges on the target server. The affected versions are Nuxt 3.4.0, 3.4.1, and 3.4.2. The tweet mentioned that a large number of platforms in the cryptocurrency industry use this solution to build front-end and back-end services. Please pay attention to the risks and upgrade Nuxt to version 3.4.3 or above.
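One way to check a project against the affected versions listed above is to audit its lockfile. This is an added example, not code from SlowMist or the Nuxt project; it assumes an npm `package-lock.json`, the function names are hypothetical, and the sample data is constructed.

```javascript
// Versions the advisory lists as affected by CVE-2023-3224.
const AFFECTED = new Set(['3.4.0', '3.4.1', '3.4.2']);

// Collect every resolved nuxt install from a parsed package-lock.json.
// lockfileVersion 2/3 uses "packages" keyed by path; v1 nests "dependencies".
function findNuxtVersions(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/nuxt' || path.endsWith('/node_modules/nuxt')) {
      found.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === 'nuxt') found.push({ path: here, version: meta.version });
      walk(meta.dependencies, `${here}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return found;
}

// npm scripts that start the development server, the mode the advisory names.
function devScripts(pkg) {
  return Object.entries(pkg.scripts || {})
    .filter(([, cmd]) => /\b(nuxt|nuxi)\s+dev\b/.test(cmd))
    .map(([name]) => name);
}

// Report affected installs and, if any exist, the scripts that run dev mode.
function audit(lock, pkg) {
  const vulnerable = findNuxtVersions(lock).filter((i) => AFFECTED.has(i.version));
  return { vulnerable, devScripts: vulnerable.length ? devScripts(pkg) : [] };
}

// Constructed sample: one affected install, one patched workspace copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo' },
    'node_modules/nuxt': { version: '3.4.2' },
    'apps/docs/node_modules/nuxt': { version: '3.4.3' },
    'node_modules/nuxt-icon': { version: '0.4.0' },
  },
};
const samplePkg = { scripts: { dev: 'nuxt dev', build: 'nuxt build' } };
console.log(JSON.stringify(audit(sampleLock, samplePkg), null, 2));
```

For a real project, pass the result of `JSON.parse` on `package-lock.json` and `package.json`; any entry in `vulnerable` should be upgraded to 3.4.3 or above.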

