23 matches found
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-32395. DESCRIPTION: Vite is a frontend tooling...
Security Bulletin: Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation (CVE-2025-31125, CVE-2025-32395, CVE-2025-31486).
Summary: Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation: CVE-2025-31125, CVE-2025-32395, CVE-2025-31486. Vite is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address these vulnerabilities...
CVE-2023-32395
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system...
Exploit for CVE-2025-32395
CVE-2025-32395 CV...
CVE-2025-32395 vulnerabilities
Vulnerabilities for packages: vitess...
@angular/build (>=19.2.0 <=19.2.0-rc.0), @d-zero/builder (=5.0.0-alpha.39) +38 more potentially affected by CVE-2025-32395 via vite (>=6.1.0 <=6.1.4)
vite NPM version =6.1.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...
1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +2706 more potentially affected by CVE-2025-32395 via vite (>=0.14.4 <=4.5.11)
vite NPM version =0.14.4, =0.0.1, =1.0.0, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.3, =1.0.1, =1.0.12, =0.0.4, =1.0.1, =1.0.7 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...
@aicblock/cli (>=1.0.0 <=1.0.1), @angular/build (>=19.2.1 <=20.0.0-next.5) +40 more potentially affected by CVE-2025-32395 via vite (>=6.2.0 <=6.2.5)
vite NPM version =6.2.0, =1.0.0, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =1.47.0, =5.0.0-alpha.40, =1.0.0-next.1, =3.0.0, =3.0.0-BETA.1 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...
@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-32395 via vite (>=6.0.0 <=6.0.11)
vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...
@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +403 more potentially affected by CVE-2025-32395 via vite (>=5.0.0 <=5.4.17)
vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...
CVE-2025-32395
A flaw was found in Vite. This vulnerability allows arbitrary file access via specially crafted HTTP requests containing a character in the request URL. The issue occurs when the server is run on Node.js or Bun and exposed to the network. Improper handling of invalid request lines allows these...
CVE-2025-32395
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395
creationtimestamp| type| source
---|---|---
2025-04-10 07:07:20+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4
2025-04-10 15:32:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta4azji2z
2025-04-10 17:52:04+00:00| seen|...
CVE-2023-32395
CVE-2023-32395 is a logic/state-management issue in macOS that could allow an app to modify protected parts of the file system. Affected platforms are macOS Big Sur 11.7.7, macOS Monterey 12.6.6, and macOS Ventura 13.4, where the vulnerability has been fixed. The issue is described as a logic iss...
macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.6. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 a...