CVE-2024-45812

🗓️ 17 Sep 2024 20:08:13Reported by GitHub_MType

Vite frontend build tooling framework DOM Clobbering vulnerabilit

Reporter	Title	Published	Views	Family All 56
Chainguard	CVE-2024-45812 vulnerabilities	17 Sep 202420:15	–	cgr
Circl	CVE-2024-45812	17 Sep 202423:08	–	circl
CNNVD	Vite 跨站脚本漏洞	17 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-45812 DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite	17 Sep 202420:08	–	cvelist
EUVD	EUVD-2024-2728	3 Oct 202520:07	–	euvd
Github Security Blog	Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS	17 Sep 202419:28	–	github
NVD	CVE-2024-45812	17 Sep 202420:15	–	nvd
OPENSUSE Linux	velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media (moderate)	18 Jan 202500:00	–	opensuse
OSV	CGA-45FH-F7PX-M6RR	25 Sep 202405:10	–	osv
OSV	CGA-WGWJ-RRG3-P8MX	29 Jan 202600:50	–	osv

Vulners

Vulnrichment

Node

vitejs viteRange5.4.0–5.4.6

vitejs viteRange5.3.0–5.3.6

vitejs viteRange5.0.0–5.2.14

vitejs viteRange4.0.0–4.5.5

vitejs viteRange<3.2.11

[
  {
    "vendor": "vitejs",
    "product": "vite",
    "versions": [
      {
        "version": ">= 5.4.0, < 5.4.6",
        "status": "affected"
      },
      {
        "version": ">= 5.3.0, < 5.3.6",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0, < 5.2.14",
        "status": "affected"
      },
      {
        "version": ">= 4.0.0, < 4.5.5",
        "status": "affected"
      },
      {
        "version": "< 3.2.11",
        "status": "affected"
      }
    ]
  }
]

Source	Link
scnps	www.scnps.co/papers/sp23_domclob.pdf
github	www.github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3
research	www.research.securitum.com/xss-in-amp4email-dom-clobbering
github	www.github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad
github	www.github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986

15 Apr 2026 00:35Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.4

EPSS0.00256

SSVC

CWE-79