Lucene search
K

4 matches found

Patchstack
Patchstack
added 2026/06/15 5:17 p.m.5 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

8.2CVSS5.8AI score0.00393EPSS
Exploits2References2Affected Software1
Snyk
Snyk
added 2026/04/06 6:3 p.m.9 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

8.2CVSS5.7AI score0.02095EPSS
Exploits1References2
OSV
OSV
added 2026/04/06 6:3 p.m.4 views

GHSA-V2WJ-Q39Q-566R Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/10/20 7:54 p.m.9 views

vite allows server.fs.deny bypass via backslash on Windows

Summary Files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - running the de...

6CVSS7AI score0.01031EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder