AI Security Summary
Nuxt applications are most exposed through their HTTP client and utility libraries, where attacker-controlled input reaches unsafe sinks like Function constructors, object merges, and proxy routing logic. The recurring mistake is trusting user-supplied objects, URLs, and path segments without sanitization before passing them into lodash templates, axios config merges, or redirect helpers.
Code and Command Injection via Unsafe Template and Function Constructor Sinks
Covers: CVE-2021-23337 · CVE-2026-4800
Risk: Attacker-controlled input passed to lodash template functions reaches the Function() constructor, enabling arbitrary code execution on the server.
- NEVER pass user-supplied strings or object keys into lodash _.template(), including via the options.imports map.
- ALWAYS treat both the variable option and every key in options.imports as potential code-injection vectors when constructing templates dynamically.
- NEVER use lodash template rendering in a context where any part of the template string or its options originates from an untrusted source.
- ALWAYS prefer static, developer-controlled template strings; if dynamic templates are required, allowlist every possible value before use.
Prototype Pollution Gadget Chains Enabling Response Tampering, Auth Bypass, and Header Injection
Covers: CVE-2026-42033 · CVE-2026-42035 · CVE-2026-42041 · CVE-2026-42042 · CVE-2026-40175 · CVE-2026-2950 · CVE-2025-13465
Risk: Pollution of Object.prototype by any dependency lets attackers silently hijack axios responses, inject HTTP headers, suppress auth errors, and leak XSRF tokens across origins.
- NEVER merge or assign user-supplied objects without guarding against __proto__, constructor, and prototype keys at every level, including array-wrapped path segments.
- ALWAYS use hasOwnProperty guards or Object.create(null) maps when reading configuration keys that control HTTP behavior such as headers, validateStatus, and withXSRFToken.
- NEVER rely on truthy/falsy boolean coercion for security-sensitive config flags; use strict equality checks instead.
- ALWAYS sanitize paths passed to _.unset and _.omit so that no segment resolves to __proto__ or constructor, regardless of whether the path is a string or an array.
- NEVER assume that a co-dependency is pollution-free; treat Object.prototype as potentially tainted when axios reads header or config properties without ownership checks.
Denial of Service via Prototype Key Crashes, ReDoS, and Unbounded Recursion
Covers: CVE-2021-3749 · CVE-2020-28500 · CVE-2026-25639 · CVE-2026-42039 · CVE-2026-42034 · CVE-2026-42036
Risk: Attacker-crafted strings, deeply nested objects, or __proto__ keys in axios/lodash calls exhaust CPU or crash the Node.js process, causing full service outage.
- NEVER pass untrusted strings directly to lodash functions such as toNumber, trim, or trimEnd without first bounding their length.
- NEVER pass JSON.parse() output directly into axios config merges or lodash utility functions without stripping prototype-polluting keys first.
- ALWAYS enforce a maximum nesting depth before passing user-supplied objects to any recursive serializer or form-data builder.
- ALWAYS set explicit maxBodyLength and maxContentLength limits and enforce them regardless of whether the request uses buffered or streamed transport.
- NEVER allow request body or response stream consumption to proceed without a hard size cap enforced at the adapter level, not just the config object.
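A guarded merge that applies the prototype-pollution rules above (own-property reads, blocked keys, null-prototype accumulator) together with the nesting-depth bound from this section. This is an added example, not code from the page, lodash or axios; the default depth of 8 and the sample bodies are constructed for illustration.

```javascript
// Added example (not code from the page, lodash or axios): a guarded deep merge for
// config/options objects built from untrusted JSON. It refuses __proto__/constructor/
// prototype keys at every level, reads only own properties, accumulates into a
// null-prototype object and bounds nesting depth, so a crafted body can neither
// pollute Object.prototype nor drive unbounded recursion.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Merges source into target; throws instead of silently skipping unsafe input.
function safeMerge(target, source, maxDepth = 8, depth = 0) {
  if (depth > maxDepth) throw new RangeError(`object nested deeper than ${maxDepth} levels`);
  // Object.keys yields own enumerable keys only; JSON.parse stores "__proto__" as one.
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) throw new TypeError(`refusing prototype-polluting key "${key}"`);
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = safeMerge(own ? target[key] : Object.create(null), value, maxDepth, depth + 1);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Builds a request config from trusted defaults plus an untrusted JSON body.
function buildRequestConfig(defaults, untrustedJson) {
  const parsed = JSON.parse(untrustedJson);
  if (!isPlainObject(parsed)) throw new TypeError('config body must be a JSON object');
  const config = safeMerge(Object.create(null), defaults); // copy, never mutate defaults
  return safeMerge(config, parsed);
}

// Constructed sample inputs (not real traffic): a benign override and two hostile bodies.
const DEFAULTS = { timeout: 1000, headers: { Accept: 'application/json' } };
const BENIGN_BODY = '{"headers":{"X-Request-Id":"abc"},"timeout":500}';
const POLLUTING_BODY = '{"__proto__":{"validateStatus":null},"headers":{"X":"y"}}';
const DEEP_BODY = '{"a":'.repeat(10) + '1' + '}'.repeat(10); // 10 levels, over the bound of 8
```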
SSRF and Proxy Bypass via URL Normalization and NO_PROXY Evasion
Covers: CVE-2025-27152 · CVE-2025-62718 · CVE-2026-42043 · CVE-2026-42038 · CVE-2023-45857
Risk: Absolute URLs, trailing-dot hostnames, and IPv6/IP-alias loopback addresses bypass NO_PROXY rules and XSRF guards, enabling SSRF and credential leakage to attacker-controlled hosts.
- NEVER construct axios request URLs by concatenating user-supplied input with a baseURL; always validate that the final resolved URL matches the intended origin before sending.
- ALWAYS normalize hostnames to their canonical form — resolving trailing dots, IPv6 brackets, and loopback aliases — before comparing against any allowlist or NO_PROXY list.
- NEVER rely solely on string matching for proxy bypass rules; treat all loopback representations (127.x.x.x, ::1, localhost variants) as equivalent when evaluating NO_PROXY.
- ALWAYS scope XSRF token headers to requests that explicitly target the same origin; never attach credential headers to requests whose destination URL has not been validated.
- NEVER pass absolute URLs from user input directly to axios when a baseURL is already configured; assert that protocol-relative and absolute URL forms are rejected or sanitized.
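The origin check and hostname canonicalisation described above, as an added example that is not axios or Nuxt code. It uses the WHATWG URL parser built into Node.js; the base URLs, NO_PROXY lists and hostnames are constructed for illustration, and the loopback equivalence it applies (127/8, ::1, IPv4-mapped ::ffff:7f00::/104, localhost) is the set named in this section.

```javascript
// Added example (not axios or Nuxt code): resolve a user-supplied path against a
// trusted baseURL and refuse to send unless the final URL stays on the intended
// origin. Hostnames are canonicalised (case, trailing dot, IPv6 brackets, loopback
// aliases) before comparison, and the same canonical form drives NO_PROXY matching,
// so "127.0.0.1", "[::1]" and "localhost." all count as one loopback host.
function canonicalHost(hostname) {
  // Lower-case, drop a trailing dot, strip IPv6 brackets.
  const host = hostname.toLowerCase().replace(/\.$/, '').replace(/^\[|\]$/g, '');
  if (host === 'localhost' || host.endsWith('.localhost')) return 'loopback';
  // ::1 and the IPv4-mapped form of 127.x.x.x (the URL parser serialises it as ::ffff:7fxx:xxxx)
  if (host === '::1' || /^::ffff:7f[0-9a-f]{2}:[0-9a-f]{1,4}$/.test(host)) return 'loopback';
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host)) return 'loopback'; // whole 127/8 block
  return host;
}

// Returns the absolute URL string to request, or throws if it leaves the base origin.
function resolveOnOrigin(baseURL, userPath) {
  const base = new URL(baseURL);
  // Absolute and protocol-relative input override the base here; that is what we catch.
  const target = new URL(userPath, base);
  if (target.protocol !== base.protocol) throw new Error(`protocol changed to ${target.protocol}`);
  if (canonicalHost(target.hostname) !== canonicalHost(base.hostname) || target.port !== base.port) {
    throw new Error(`destination ${target.host} is not the base origin ${base.host}`);
  }
  if (target.username || target.password) throw new Error('credentials in URL are not allowed');
  return target.href;
}

// True when hostname matches a NO_PROXY entry after canonicalisation, so a list that
// names "localhost" also covers 127.0.0.1 and ::1 instead of being sidestepped by aliases.
function matchesNoProxy(hostname, noProxy) {
  const host = canonicalHost(hostname);
  return noProxy.split(',').map((s) => s.trim()).filter(Boolean).some((entry) => {
    const canon = canonicalHost(entry.replace(/^\*?\./, '')); // ".example" and "*.example" forms
    return host === canon || host.endsWith(`.${canon}`);
  });
}
```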
Cache Poisoning and Client-Side Script Injection via Nuxt Rendering Quirks
Covers: CVE-2025-27415 · CVE-2024-34343
Risk: Crafted query strings poison CDN caches with JSON payload responses, and malformed protocol URLs bypass the javascript: block in navigateTo, enabling XSS after SSR.
- NEVER trust the CDN to distinguish payload routes from page routes solely by path; always include a Vary or Cache-Control header that accounts for query string parameters used by Nuxt's payload rendering.
- ALWAYS validate redirect targets with a strict allowlist of permitted protocols before calling navigateTo, and do not rely solely on a substring check for 'javascript:'.
- NEVER pass user-supplied URL strings to navigateTo after SSR without first parsing and asserting the scheme using a spec-compliant URL parser.
- ALWAYS treat query parameters that alter rendering mode or response content type as security-sensitive inputs requiring server-side validation before processing.
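A redirect-target validator that does what the navigateTo rules above ask for: parse with a spec-compliant URL parser and allowlist the scheme rather than substring-match for 'javascript:'. This is an added example, not Nuxt's navigateTo implementation; the placeholder origin used to resolve relative paths and the partner host in the test are assumptions.

```javascript
// Added example (not Nuxt's navigateTo): validate a redirect target with the WHATWG
// URL parser and a protocol allowlist before handing it to navigateTo. Relative paths
// resolve against a placeholder origin so they are accepted as same-site; "javascript:"
// in any spelling (case, embedded tabs/newlines, leading whitespace) is rejected because
// the parser normalises it, not because a substring was found.
const PLACEHOLDER_ORIGIN = 'https://placeholder.invalid'; // assumption: never a real host
const ALLOWED_PROTOCOLS = new Set(['https:', 'http:']);

// Returns a safe same-site path, an allowlisted absolute URL, or null to refuse.
function safeRedirectTarget(input, allowedExternalHosts = []) {
  if (typeof input !== 'string' || input.length > 2048) return null;
  let url;
  try {
    url = new URL(input, PLACEHOLDER_ORIGIN);
  } catch {
    return null; // unparsable input is refused, never passed through
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null; // javascript:, data:, vbscript:, ...
  if (url.origin === PLACEHOLDER_ORIGIN) {
    // Relative input: hand back only the path, query and fragment, never the placeholder host.
    return url.pathname + url.search + url.hash;
  }
  // Absolute http(s) input (including "//host" and "/\host" forms) must name an allowlisted host.
  return allowedExternalHosts.includes(url.host) ? url.href : null;
}
```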
Cross-cutting patterns (all Nuxt projects)
- NEVER deserialize user-supplied JSON and use the result directly as a configuration, path, or options object for any lodash or axios API without first removing prototype-polluting keys.
- ALWAYS validate and sanitize all user-controlled input at the earliest possible boundary — before it reaches any HTTP client, template engine, or utility function.
- NEVER use duck-type or truthy checks alone to gate security-sensitive behavior; use strict type and value assertions for all security config properties.
- ALWAYS treat every property read from a merged or inherited object as potentially attacker-influenced; use Object.create(null) for accumulator objects in any merge or config-build path.