Lucene search
+L

67 matches found

Github Security Blog
Github Security Blog
added 2024/01/19 9:58 p.m.150 views

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

7.5CVSS7AI score0.00791EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2024/01/19 8:15 p.m.27 views

CVE-2024-23331

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5CVSS7.4AI score0.00791EPSS
Exploits1References3
Prion
Prion
added 2024/01/19 8:15 p.m.17 views

Design/Logic Flaw

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

5CVSS7.4AI score0.03152EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2024/01/19 7:43 p.m.44 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5CVSS7.6AI score0.00791EPSS
Exploits1References3
CVE
CVE
added 2024/01/19 7:43 p.m.361 views

CVE-2024-23331

CVE-2024-23331 (Vite) : The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems by using case-augmented filenames. The issue occurs because picomatch defaults to case-sensitive glob matching, while the file server does not, enabling a blacklist bypass and potent...

7.5CVSS7.3AI score0.00791EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/01/19 7:43 p.m.21 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5CVSS7.3AI score0.00791EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/19 12:0 a.m.8 views

PT-2024-19813 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.17 Vite versions prior to 3.2.8 Vite versions prior to 4.5.2 Vite versions prior to 5.0.12 Description: The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented...

10CVSS6.8AI score0.03152EPSS
Exploits10References43
Rows per page
Query Builder