9 matches found
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565 vulnerability
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-46565 DESCRIPTION: Vite is a frontend tooling framework for javascrip...
CVE-2025-46565 vulnerabilities
Vulnerabilities for packages: vitess, vite...
CVE-2025-46565 vulnerabilities
Vulnerabilities for packages: vitess, vite, langfuse, langfuse-fips...
CVE-2025-46565
A flaw was found in Vite. This vulnerability allows unauthorized access to denied files in the project root through crafted path traversal sequences when the server is explicitly exposed to the network. These specially crafted sequences could bypass intended access controls, allowing an attacker ...
CVE-2025-46565 Vite's server.fs.deny bypassed with /. for files under project root
Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network usi...
@aicblock/cli (>=1.0.0 <=1.0.1), @aklesky/vite-config (=1.0.1) +42 more potentially affected by CVE-2025-46565 via vite (>=6.2.0 <=6.2.6)
vite NPM version =6.2.0, =1.0.0, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =1.47.0, =5.0.0-alpha.40, =1.0.0-next.1, =2.0.0-next.3 and more Source cves: CVE-2025-46565 Source advisory: OSV:GHSA-859W-5945-R5V3...
@aklesky/vite-config (=1.0.0), @aminnairi/react-translate (>=0.2.0 <=1.0.0) +69 more potentially affected by CVE-2025-46565 via vite (>=6.0.0 <=6.1.4)
vite NPM version =6.0.0, =0.2.0, =4.25.19-patch.2, =19.1.0, =0.4.2, =0.1.10, =0.0.1, =5.0.0-alpha.32, =1.0.7, =2.9.2, =2.9.2, =11.22.0, =0.0.1734266056335, =0.0.1749439290229 and more Source cves: CVE-2025-46565 Source advisory: OSV:GHSA-859W-5945-R5V3...
@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +403 more potentially affected by CVE-2025-46565 via vite (>=5.0.0 <=5.4.17)
vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-46565 Source advisory: OSV:GHSA-859W-5945-R5V3...
CVE-2025-46565
creationtimestamp| type| source ---|---|--- 2025-04-30 08:11:08+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3 2025-05-02 18:19:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14557 2025-05-05 07:01:24+00:00|...