CVE-2019-13506

@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS.
Source: NIST
CVE-2019-13506