Arbitrary File Disclosure
Vite is vulnerable to Arbitrary File Disclosure. The vulnerability is due to incorrect assumptions about the presence of in req.url, which is permitted by some runtimes Node, Bun despite being invalid per HTTP specs, allowing attackers to bypass file system access restrictions using path traversa...