7 matches found
Vite Dev Server - Path Traversal in Optimized Deps .map Handling
Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...
CVE-2026-39365 Vite has a Path Traversal in Optimized Deps `.map` Handling
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...
CVE-2026-39365
CVE-2026-39365 (Vite dev server) : Multiple Vite versions (< 6.4.2, < 7.3.2,
CVE-2026-39365 Vite has a Path Traversal in Optimized Deps `.map` Handling
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...
GHSA-4W7W-66W2-5VF9 Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
Summary Any files ending with .map even out side the project can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - have a sensitive content in files...
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
Summary Any files ending with .map even out side the project can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - have a sensitive content in files...
PT-2026-30926
Name of the Vulnerable Software and Affected Versions Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description The Vite dev server improperly handles .map requests for optimized dependencies. It resolves file paths and calls readFile without restricting '../' segments in the URL, potential...