CVE-2024-45811

🗓️ 17 Sep 2024 20:08:11Reported by GitHub_MType

Vite frontend build tooling framework CVE-2024-45811 fix availabl

Reporter	Title	Published	Views	Family All 51
Chainguard	CVE-2024-45811 vulnerabilities	17 Sep 202420:15	–	cgr
Circl	CVE-2024-45811	17 Sep 202423:08	–	circl
CNNVD	Vite 访问控制错误漏洞	17 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-45811 server.fs.deny bypassed when using ?import&raw in vite	17 Sep 202420:08	–	cvelist
EUVD	EUVD-2024-2759	3 Oct 202520:07	–	euvd
Github Security Blog	Vite's `server.fs.deny` is bypassed when using `?import&raw`	17 Sep 202418:44	–	github
NVD	CVE-2024-45811	17 Sep 202420:15	–	nvd
OPENSUSE Linux	velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media (moderate)	18 Jan 202500:00	–	opensuse
OSV	CGA-2RRM-CFWM-848J	25 Sep 202405:12	–	osv
OSV	CGA-WFWJ-7MRG-M7C4	29 Jan 202600:49	–	osv

Vulners

Vulnrichment

Node

vitejs viteRange5.4.0–5.4.6

vitejs viteRange5.3.0–5.3.6

vitejs viteRange5.0.0–5.2.14

vitejs viteRange4.0.0–4.5.5

vitejs viteRange<3.2.11

[
  {
    "vendor": "vitejs",
    "product": "vite",
    "versions": [
      {
        "version": ">= 5.4.0, < 5.4.6",
        "status": "affected"
      },
      {
        "version": ">= 5.3.0, < 5.3.6",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0, < 5.2.14",
        "status": "affected"
      },
      {
        "version": ">= 4.0.0, < 4.5.5",
        "status": "affected"
      },
      {
        "version": "< 3.2.11",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx
github	www.github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34

15 Apr 2026 00:35Current

5Medium risk

Vulners AI Score5

CVSS 3.14.8

EPSS0.00015

SSVC

vite javascript arbitraryfiles bypasslimitation upgrade