{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0e2bbbaa-4084-5c77-b362-5cf07038225c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/nuxt@0.10.7-tuxcare.1", "type": "library", "name": "nuxt", "version": "0.10.7-tuxcare.1", "purl": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c15ef28f-a8f0-5076-b7d5-d5789eac48bf", "id": "CVE-2017-16138", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-16138 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3901b26b-9ace-52af-8d50-7db46021d342", "id": "CVE-2024-27088", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-27088 is fixed in version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:784294b9-89ee-5ba2-85a4-409f583abcf5", "id": "CVE-2024-34343", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34343 is fixed in version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:807c1f7c-2e40-547b-871a-8dcc1d6956c3", "id": "CVE-2024-6783", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6783 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f59dd499-1440-5976-9e4a-4d1a03e90ec7", "id": "CVE-2024-9506", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9506 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df754c54-c5cf-5549-9b2c-1dcf02ec1d40", "id": "CVE-2025-68458", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68458 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1421f892-3d16-5770-8300-df6c729deb0e", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eaa3a89-7c12-535f-9ddb-7c0da497425e", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ede7091-5501-5850-b52f-31e37e8c38a1", "id": "CVE-2026-47200", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-47200 does not affect version 0.10.7-tuxcare.1 of nuxt. not_affected \u2014 The target repository (Nuxt 0.10.7, circa 2017) does not contain the vulnerable feature. CVE-2026-47200 affects the component islands feature (experimental.componentIslands) introduced in Nuxt 3+ (2022+), which allows .server.vue pages to be rendered via the /__nuxt_island/ endpoint without executing route middleware. This feature and endpoint do not exist in Nuxt 0.10.7." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d011bc0e-3622-57dc-8d06-72aec20b8bc8", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 0.10.7-tuxcare.1 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:488ff69f-2d9d-5169-aa99-4fc8db956fed", "id": "CVE-2026-56326", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-56326 does not affect version 0.10.7-tuxcare.1 of nuxt. not_affected \u2014 Nuxt 0.10.7 is not affected by CVE-2026-56326. The vulnerability requires URL constructor path normalization (turning /..//evil.com into //evil.com) which is specific to Nuxt 3.x/4.x architecture. Nuxt 0.10.7 uses a different redirect mechanism (ctx.redirect with urlJoin) that collapses multiple slashes before setting the Location header, preventing protocol-relative URL formation through any c..." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6264db30-2ed3-516e-82b2-89a1af4670be", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 does not affect version 0.10.7-tuxcare.1 of nuxt. not_affected \u2014 Target repository (Nuxt v0.10.7) uses a different architecture that predates the vulnerable APIs (navigateTo, reloadNuxtApp). The existing redirect mechanism has equivalent protections via the urlJoin() function that prevent the path-normalization bypass. The other two vulnerabilities target APIs that do not exist in this version." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b25c1f65-4ce1-55ef-8658-d3a8189c1392", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 0.10.7-tuxcare.1 of nuxt. not_affected \u2014 Nuxt v0.10.7-tuxcare.1 does not contain the vulnerable