9 matches found
CVE-2024-23331
Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...
SUSE CVE-2024-23331
Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...
1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +1100 more potentially affected by CVE-2023-34092 +1 more via vite (>=3.0.0 <=3.2.7)
vite NPM version =3.0.0, =0.0.1, =2.0.0, =1.0.1, =1.0.2, =0.0.42-beta1, =0.0.0, =0.0.5, =1.2.56-alpha.0, =1.3.4, =1.0.0, =1.0.22, =1.0.7, =1.2.60 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source advisory: OSV:GHSA-C24V-8RFC-W8VW...
@aem-vite/import-rewriter (>=5.0.1 <=6.0.1), @aem-vite/vite-aem-plugin (>=1.0.0 <=2.3.1) +124 more potentially affected by CVE-2023-34092 +1 more via vite (>=2.7.0 <=2.9.16)
vite NPM version =2.7.0, =5.0.1, =1.0.0, =3.0.0-beta.5, =3.0.0-beta.2, =0.10.0, =1.1.0-next.4, =0.0.0-experimental-17c6886-20220324, =0.0.0-canary-20220428124037, =0.1.5, =0.0.11, =0.0.12, =0.0.1, =0.1.5, =0.0.11, =0.0.37, =0.0.42 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source...
128981semzub (=1.0.1), 1food-menu (>=0.3.0 <=0.3.7) +2862 more potentially affected by CVE-2023-34092 +1 more via vite (>=4.0.0 <=4.5.14)
vite NPM version =4.0.0, =0.3.0, =1.0.0, =2.0.3, =0.0.1, =0.0.1, =0.0.7, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.1, =0.0.3 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source advisory: OSV:GHSA-C24V-8RFC-W8VW...
CVE-2024-23331 vulnerabilities
Vulnerabilities for packages: vite...
CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...
CVE-2024-23331
CVE-2024-23331 (Vite) : The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems by using case-augmented filenames. The issue occurs because picomatch defaults to case-sensitive glob matching, while the file server does not, enabling a blacklist bypass and potent...