Lucene search
GitHub_MCVELIST:CVE-2023-34092HistoryJun 01, 2023 - 4:29 p.m.
CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
2023-06-0116:29:51
CWE-50
CWE-200
GitHub_M
raw.githubusercontent.com
1
vite server options
bypass vulnerability
patched versions
security risk
unauthenticated access
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default fs.deny settings (['.env', '.env.*', '*.{crt,pem}']). Only users explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in [email protected], [email protected], [email protected], [email protected], [email protected], and [email protected].
Related
osv
osv
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
2023-06-06 02:01:39
CVE-2023-34092
2023-06-01 17:15:10
prion
prion
Design/Logic Flaw
2023-06-01 17:15:00
Design/Logic Flaw
2024-01-19 20:15:00
cve
cve
CVE-2023-34092
2023-06-01 17:15:10
CVE-2024-23331
2024-01-19 20:15:14
github
github
veracode
veracode
Arbitrary File Read
2023-06-16 06:19:17
githubexploit
githubexploit
Exploit for Use of Incorrectly-Resolved Name or Reference in Vitejs Vite
2024-01-20 08:46:11
cvelist
cvelist