Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.7 views

CVE-2023-34092

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using double forward-slash // allows any unauthenticated user to read file from the Vite root-path of the application including the default fs.deny...

7.5CVSS6.2AI score0.03152EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/01/19 9:58 p.m.6 views

@aem-vite/import-rewriter (>=5.0.1 <=6.0.1), @aem-vite/vite-aem-plugin (>=1.0.0 <=2.3.1) +124 more potentially affected by CVE-2023-34092 +1 more via vite (>=2.7.0 <=2.9.16)

vite NPM version =2.7.0, =5.0.1, =1.0.0, =3.0.0-beta.5, =3.0.0-beta.2, =0.10.0, =1.1.0-next.4, =0.0.0-experimental-17c6886-20220324, =0.0.0-canary-20220428124037, =0.1.5, =0.0.11, =0.0.12, =0.0.1, =0.1.5, =0.0.11, =0.0.37, =0.0.42 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source...

7.5CVSS6.7AI score0.03152EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2024/01/19 9:58 p.m.8 views

1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +1112 more potentially affected by CVE-2023-34092 +1 more via vite (>=3.0.0 <=3.2.7)

vite NPM version =3.0.0, =0.0.1, =2.0.0, =1.0.1, =1.0.2, =0.0.42-beta1, =0.0.0, =0.0.5, =1.2.56-alpha.0, =1.3.4, =1.0.0, =1.0.22, =1.0.7, =1.2.60 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source advisory: OSV:GHSA-C24V-8RFC-W8VW...

7.5CVSS6.6AI score0.03152EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2024/01/19 9:58 p.m.4 views

128981semzub (=1.0.1), 1food-menu (>=0.3.0 <=0.3.7) +2882 more potentially affected by CVE-2023-34092 +1 more via vite (>=4.0.0 <=4.5.14)

vite NPM version =4.0.0, =0.3.0, =1.0.0, =2.0.3, =0.0.1, =0.0.1, =0.0.7, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.1, =0.0.3 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source advisory: OSV:GHSA-C24V-8RFC-W8VW...

7.5CVSS6.6AI score0.03152EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2023/06/06 2:1 a.m.5 views

@alioth_91/alita (>=3.3.9-patch.1 <=3.3.9-patch.2), @alitajs/vue-i18n (>=0.0.7 <=0.0.8) +98 more potentially affected by CVE-2023-34092 via vite (>=4.3.0 <=4.3.8)

vite NPM version =4.3.0, =3.3.9-patch.1, =0.0.7, =0.0.7, =0.0.7, =0.0.7, =0.0.7, =0.0.1, =0.0.1, =16.0.0, =2.0.0, =12.0.0, =0.0.0-canary-20230426131112, =0.0.1, =0.0.12 - @deconz-community/directus-extension-ddf-store =0.1.0 and more Source cves: CVE-2023-34092 Source advisory:...

7.5CVSS7.1AI score0.03152EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/06/06 2:1 a.m.6 views

@aem-vite/import-rewriter (>=5.0.1 <=6.0.1), @aem-vite/vite-aem-plugin (>=1.0.0 <=2.3.1) +220 more potentially affected by CVE-2023-34092 via vite (>=0.14.4 <=2.9.15)

vite NPM version =0.14.4, =5.0.1, =1.0.0, =3.0.0-beta.5, =3.0.0-beta.2, =0.0.1, =0.10.0, =1.0.16, =1.1.0-next.4, =0.0.0-experimental-17c6886-20220324, =0.0.0-canary-20220428124037, =0.1.5, =0.0.11, =0.0.12, =0.0.1, =0.1.5, =0.1.11 and more Source cves: CVE-2023-34092 Source advisory:...

7.5CVSS7.1AI score0.03152EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/06/06 2:1 a.m.4 views

@4399ywkf/bundler-vite (>=4.0.61 <=4.0.84), @4399ywkf/js (>=4.0.61 <=4.0.84) +46 more potentially affected by CVE-2023-34092 via vite (>=4.1.0 <=4.1.4)

vite NPM version =4.1.0, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.0-canary-20230215113341, =4.6.2, =11.6.5, =5.3.8, =5.0.0, =5.0.1 and more Source cves: CVE-2023-34092 Source advisory: OSV:GHSA-353F-5XF4-QW67...

7.5CVSS7.1AI score0.03152EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/06/06 2:1 a.m.5 views

@brewer/beerui (>=1.1.9 <=1.1.16-beta-8), @catalysisdev/build (=0.8.0) +32 more potentially affected by CVE-2023-34092 via vite (>=4.0.0 <=4.0.4)

vite NPM version =4.0.0, =1.1.9, =0.0.0-canary-20221223101943, =5.3.4, =0.5.6, =0.7.2-alpha.0 and more Source cves: CVE-2023-34092 Source advisory: OSV:GHSA-353F-5XF4-QW67...

7.5CVSS7.1AI score0.03152EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/06/06 2:1 a.m.8 views

1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +1096 more potentially affected by CVE-2023-34092 via vite (>=3.0.2 <=3.2.5)

vite NPM version =3.0.2, =0.0.1, =2.0.0, =1.0.1, =1.0.2, =0.0.42-beta1, =0.0.0, =0.0.5, =1.2.56-alpha.0, =1.3.4, =1.0.0, =1.0.22, =1.0.7, =1.2.60 and more Source cves: CVE-2023-34092 Source advisory: OSV:GHSA-353F-5XF4-QW67...

7.5CVSS7AI score0.03152EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/06/01 4:29 p.m.12 views

CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using double forward-slash // allows any unauthenticated user to read file from the Vite root-path of the application including the default fs.deny...

7.5CVSS6.5AI score0.03152EPSS
Exploits1References3
CVE
CVE
added 2023/06/01 4:29 p.m.116 views

CVE-2023-34092

Vite core fix for CVE-2023-34092 (also echoed in related CVEs) describes a bypass of server.fs.deny via double-slash to read files from the Vite project root when the dev server is exposed (–host or server.host). Affected versions before the fixes include: 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and ...

7.5CVSS7.2AI score0.03152EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder