CVE-2026-41211

Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments or an absolute path to escape the VPHOME/packagemanager// cache root and...

Vite 路径遍历漏洞

Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite prior to 0.1.17 contained a path traversal vulnerability. This vulnerability stemmed from the downloadPackageManager accepting untrusted version strings, which could lead to path traversal attacks...