6 matches found
Vite Dev Server - Path Traversal
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @aicblock/cli (>=1.0.0 <=1.0.1) +159 more potentially affected by CVE-2025-58751 via vite (>=6.0.0 <=6.3.5)
vite NPM version =6.0.0, =0.0.1, =1.0.0, =1.0.0, =0.2.0, =4.25.19-patch.2, =19.1.0, =0.55.0, =0.21.2-4.1, =0.4.2, =0.1.10, =0.0.1, =1.0.0, =1.0.3 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...
@altipla/directus-sdk-utils (=0.7.2), @angular/build (>=20.2.0 <=21.0.0-rc.1) +48 more potentially affected by CVE-2025-58751 via vite (>=7.1.0 <=7.1.4)
vite NPM version =7.1.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =2.19.8, =2.19.8, =14.314.0, =9.6.3, =0.0.12, =2.14.2, =2.14.4 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...
@angular/build (>=20.1.0 <=20.2.0-next.2), @atomazing-org/super-app-host (>=0.0.4 <=0.0.8) +55 more potentially affected by CVE-2025-58751 via vite (>=7.0.0 <=7.0.6)
vite NPM version =7.0.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =0.0.1750946288791, =0.0.2, =0.0.7, =0.0.2, =0.0.1, =0.1.34, =0.1.35 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...
CVE-2025-58751
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...
CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...