317 matches found
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint
Summary The /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...
Directory Traversal
Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Directory Traversal via the /viterscfindSourceMapURL endpoint when processing HTTP requests containing a file:// URL in the filename query parameter. An attacker can...
CVE-2025-68155
The CVE concerns @vitejs/plugin-rsc (used with Vite) in development mode. Prior to version 0.5.8, the endpoint /__vite_rsc_findSourceMapURL accepts a file:// URL in the filename query parameter, converts it to a filesystem path, and reads the target file without validating its location, returning...
EUVD-2025-203834
@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...
curl: Path Traversal in file:// protocol allows Arbitrary File Read
Summary: The file:// protocol handler in curl does not properly sanitise or block path traversal sequences ../. This allows a maliciously crafted file:// URL to escape the intended directory and access arbitrary files on the filesystem with the permissions of the user running curl. When curl is...
OESA-2025-2593 firefox security update
Security Fixes: If temporary one-time permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from differen...
OESA-2025-2592 firefox security update
Security Fixes: If temporary one-time permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from differen...
EUVD-2017-1403
Malware in sbrugna...
EUVD-2009-1698
Malware in sbrugna...
EUVD-2018-4523
Malware in sbrugna...
EUVD-2008-4889
Malware in sbrugna...
EUVD-2019-3821
Malware in sbrugna...
EUVD-2009-2992
Malware in sbrugna...
EUVD-2005-2456
Malware in sbrugna...
EUVD-2009-2993
Malware in sbrugna...
EUVD-2009-0048
Malware in sbrugna...
EUVD-2002-1749
Malware in sbrugna...
EUVD-2012-4828
Malware in sbrugna...
EUVD-2013-6289
Malware in sbrugna...
EUVD-2008-0052
Malware in sbrugna...