Server-Side Request Forgery
Description
@nuxt/icon is vulnerable to Server-Side Request Forgery. The vulnerability is due to improperly parsed proxied request paths in the /api/_nuxt_icon/[name] endpoint, which lets an attacker change the scheme and host of the request. An attacker can exploit this flaw by passing a path prefixed with “https:” to change the scheme to HTTP and then specify a new host, such as https:127.0.0.1:8080, enabling requests to a local…
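The parsing behaviour described above and a server-side check against it, as an added example that is not @nuxt/icon's own code. It assumes the proxied path is resolved with the WHATWG URL constructor (the page does not name the parser); the upstream base http://icons.example/ and the function names are hypothetical.

```javascript
// Added example, not project code. UPSTREAM is a constructed, hypothetical
// icon API base; the real upstream is not given on the page.
const UPSTREAM = new URL("http://icons.example/");

// Naive resolution: the client-supplied name is treated as a relative path.
// A "scheme:" prefix that differs from the base scheme makes the parser
// read the rest of the string as a new authority (host and port).
function resolveNaive(name) {
  return new URL(name, UPSTREAM);
}

// Hardened resolution: validate the parsed result, not the raw string.
// The URL parser strips whitespace and tolerates malformed input, so
// pattern checks on the input alone are easy to get wrong.
function resolveChecked(name) {
  const url = new URL(name, UPSTREAM);
  if (url.origin !== UPSTREAM.origin) {
    throw new Error("rejected: resolved origin " + url.origin);
  }
  return url;
}

// Constructed sample inputs for the [name] segment.
const SAMPLES = [
  "mdi.json?icons=home",   // ordinary relative lookup
  "https:127.0.0.1:8080",  // string quoted in the advisory text
  "http:127.0.0.1:8080",   // same scheme as UPSTREAM: stays a relative path
];

// Resolve each sample both ways and report what the proxy would request.
function audit(names) {
  return names.map((name) => {
    const naive = resolveNaive(name).href;
    let checked;
    try {
      checked = resolveChecked(name).href;
    } catch (err) {
      checked = err.message;
    }
    return { name, naive, checked };
  });
}

for (const row of audit(SAMPLES)) {
  console.log(row.name, "->", row.naive, "|", row.checked);
}
```

Comparing origins after parsing is what closes the gap: the second sample resolves to a different origin and is refused, while the third stays on the upstream host because its scheme matches the base.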