{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a176fcc9-86ce-5d86-a09a-ab22585a1f43", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/nuxt@0.10.7", "type": "library", "name": "nuxt", "version": "0.10.7", "purl": "pkg:npm/nuxt@0.10.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5157c086-7a02-53a2-addf-06b26ab5dce0", "id": "CVE-2017-16138", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-16138 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:cfbfaa32-efab-5e0b-a237-bf02e7d77549", "id": "CVE-2024-6783", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-6783 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:240d2f82-bfbc-53e0-94c9-9fe6a56bb850", "id": "CVE-2024-9506", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9506 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:71c674b7-01c0-532d-ad2e-10c5cb551746", "id": "CVE-2025-68458", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68458 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:c2d64046-31b3-57bc-932a-4f5c2a78decf", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:0855e972-e41d-5139-843b-574dc2d0c53c", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:6baa4a3c-3ced-5434-93bc-362f9f262f57", "id": "CVE-2026-47200", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-47200 does not affect version 0.10.7 of nuxt. not_affected \u2014 The target repository (Nuxt 0.10.7, circa 2017) does not contain the vulnerable feature. CVE-2026-47200 affects the component islands feature (experimental.componentIslands) introduced in Nuxt 3+ (2022+), which allows .server.vue pages to be rendered via the /__nuxt_island/ endpoint without executing route middleware. This feature and endpoint do not exist in Nuxt 0.10.7." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:dbdf49dc-3442-57c3-b321-21299f4be5f9", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 0.10.7 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:64b536e3-a3f2-5e8d-a390-895dba43e957", "id": "CVE-2026-56326", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-56326 does not affect version 0.10.7 of nuxt. not_affected \u2014 Nuxt 0.10.7 is not affected by CVE-2026-56326. The vulnerability requires URL constructor path normalization (turning /..//evil.com into //evil.com) which is specific to Nuxt 3.x/4.x architecture. Nuxt 0.10.7 uses a different redirect mechanism (ctx.redirect with urlJoin) that collapses multiple slashes before setting the Location header, preventing protocol-relative URL formation through any c..." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:1c2e72e8-8b2a-5723-8627-d985db632c9e", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 does not affect version 0.10.7 of nuxt. not_affected \u2014 Target repository (Nuxt v0.10.7) uses a different architecture that predates the vulnerable APIs (navigateTo, reloadNuxtApp). The existing redirect mechanism has equivalent protections via the urlJoin() function that prevent the path-normalization bypass. The other two vulnerabilities target APIs that do not exist in this version." }, "affects": [ { "ref": "pkg:npm/nuxt@0.10.7" } ] }, { "bom-ref": "urn:uuid:f6292b7c-7964-51c0-9cef-33221713dcb5", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 0.10.7 of nuxt. not_affected \u2014 Nuxt v0.10.7-tuxcare.1 does not contain the vulnerable