2 matches found
CVE-2024-45811 server.fs.deny bypassed when using ?import&raw in vite
Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it...
PT-2024-31792 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11 Vite versions prior to 4.5.5 Vite versions prior to 5.2.14 Vite versions prior to 5.3.6 Vite versions prior to 5.4.6 Description: The contents of arbitrary files can be returned to the browser. @fs denies access ...