3 matches found
CVE-2026-39365
A flaw was found in Vite. The development server's handling of .map requests contains a path traversal vulnerability. A remote attacker can exploit this by sending a specially crafted request with directory traversal sequences ../ to bypass security restrictions. This allows the attacker to...
CVE-2026-39365 Vite has a Path Traversal in Optimized Deps `.map` Handling
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...
Vite 路径遍历漏洞
Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite from 6.0.0 to 6.4.2, before 7.3.2, and before 8.0.5 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path traversal restrictions on .map requests, which could allow bypassin...