3 matches found
CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...
@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)
vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...
@apiida/vue-components (>=16.5.0 <=18.0.2), @axirs/storybook-template (>=1.0.0-beta-v2.0.0 <=1.0.0-beta-v2.1.2) +114 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=0.6.1 <=2.3.1)
vite-plugin-static-copy NPM version =0.6.1, =16.5.0, =1.0.0-beta-v2.0.0, =0.4.3, =1.0.4, =1.1.0, =0.20.1, =0.5.0, =0.0.1, =0.0.3, =0.3.0, =0.1.0, =0.2.21, =0.4.1 and more Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...