9 matches found
CVE-2026-41211
Summary of CVE-2026-41211 (vite-plus/binding) : The vulnerability affects Vite+ before version 0.1.17, where downloadPackageManager() uses an untrusted version string directly in filesystem paths. An attacker can supply traversal segments (e.g., ../) or absolute paths to escape VP_HOME/package_ma...
EUVD-2026-25163
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments or an absolute path to escape the VPHOME/packagemanager// cache root and...
CVE-2026-41211 `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME`
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments or an absolute path to escape the VPHOME/packagemanager// cache root and...
CVE-2026-41211
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments or an absolute path to escape the VPHOME/packagemanager// cache root and...
PT-2026-34601
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments or an absolute path to escape the VP HOME/package manager// cache root a...
Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME
Summary downloadPackageManager in vite-plus/binding accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments to escape the VPHOME/packagemanager// cache root and cause Vite+ to delete, replace, and populate directories outside the intended cac...
GHSA-33R3-4WHC-44C2 Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME
Summary downloadPackageManager in vite-plus/binding accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments to escape the VPHOME/packagemanager// cache root and cause Vite+ to delete, replace, and populate directories outside the intended cac...
Alibaba Cloud Linux 3 : 0141: go-toolset:an8 (ALINUX3-SA-2025:0141)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0141 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-4674: The go command may execute unexpecte...
Security update for go1.23
This update for go1.23 fixes the following issues: Update to version go1.23.11 CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. bsc1246118 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...