
Acceptance of Extraneous Untrusted Data With Trusted Data

CVE-2025-27415

Severity High
Score 7.5/10

Summary

Nuxt is an open-source web development framework for Vue.js. By sending a crafted HTTP request to a server behind a CDN, it was possible in some circumstances to poison the CDN cache, which severely impacts the availability of a site. For example, a request such as https://mysite.com/?/_payload.json could be crafted, which would be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, this JSON response could then be served to future visitors to the site. An attacker could exploit this vulnerability to make the site unavailable indefinitely. It is also possible, in cases where the cache is reset, to create a small script that sends a request every X seconds (equal to the caching duration) to continuously poison the cache, making the site completely unavailable. This issue affects versions from 3.0.0-rc.0 prior to 3.16.0.
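The precondition the summary describes, a CDN whose cache key ignores the query string, modelled as an added example (not Nuxt's or the project's code). The origin below is a constructed stand-in that returns JSON whenever the query string looks like a payload path, as the summary states for affected versions; the exact matching rule and the cache model are assumptions.

```javascript
// Constructed stand-in for an origin affected by CVE-2025-27415 (assumption:
// a query string such as "?/_payload.json" is rendered as JSON, per the summary).
function vulnerableOrigin(url) {
  const u = new URL(url);
  if (u.search.startsWith('?/') && u.search.endsWith('_payload.json')) {
    return { contentType: 'application/json', body: '{"data":{}}' };
  }
  return { contentType: 'text/html', body: '<html>page</html>' };
}

// Minimal CDN cache model: keyFn decides what identifies a cached entry.
function makeCdn(origin, keyFn) {
  const cache = new Map();
  return (url) => {
    const key = keyFn(new URL(url));
    if (!cache.has(key)) cache.set(key, origin(url));
    return cache.get(key);
  };
}

// Weak setting: the query string is ignored in the cache key.
const keyOnPathOnly = (u) => u.pathname;
// Safer setting: path and query string together form the key.
const keyOnPathAndQuery = (u) => u.pathname + u.search;

// What a later visitor of "/" receives once the crafted request from the
// summary has already passed through a CDN using the given key function.
function contentTypeSeenByNextVisitor(keyFn) {
  const cdn = makeCdn(vulnerableOrigin, keyFn);
  cdn('https://mysite.com/?/_payload.json'); // first request populates the cache
  return cdn('https://mysite.com/').contentType;
}

// Detection helper for access-log review (hypothetical): flags a request
// target whose query string begins with "/" and names a Nuxt payload file.
function isSuspiciousPayloadQuery(requestTarget) {
  const qIndex = requestTarget.indexOf('?');
  if (qIndex === -1) return false;
  const query = requestTarget.slice(qIndex + 1);
  return query.startsWith('/') && query.includes('_payload.json');
}
```

With the path-only key the JSON response is what every later visitor of "/" gets; keying on path plus query confines it to the crafted URL, and upgrading to 3.16.0 removes the origin-side behaviour.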

CVSS base metrics

  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Advisory Timeline

  • Published