11 matches found

NVD
added 2025/08/21 4:15 p.m., 3 views

CVE-2025-57753

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

CVSS 6 | EPSS 0.00191
Exploits: 0 | References: 1

CVE
added 2025/08/21 4:3 p.m., 12 views

CVE-2025-57753

The CVE-2025-57753 vulnerability affects vite-plugin-static-copy (a Rollup plugin for Vite). Affected versions allow a crafted HTTP request to access files not included in src when the Vite dev server is exposed to the network. Impact is information disclosure of files outside the intended direct...

CVSS 6 | AI score 7 | EPSS 0.00191
Exploits: 0 | References: 1

OSV
added 2025/08/21 4:3 p.m., 2 views

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

CVSS 6 | AI score 6.8 | EPSS 0.00191
Exploits: 0 | References: 3

Cvelist
added 2025/08/21 4:3 p.m., 7 views

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

CVSS 6 | EPSS 0.00191
Exploits: 0 | References: 1

Github Security Blog
added 2025/08/21 2:53 p.m., 4 views

vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

Summary: Files not included in src were possible to access with a crafted request. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details: Consider the...

CVSS 6 | AI score 7.1 | EPSS 0.00191
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2025/08/21 2:53 p.m., 1 views

GHSA-PP7P-Q8FX-2968 vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

Summary: Files not included in src were possible to access with a crafted request. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details: Consider the...

CVSS 6 | AI score 6 | EPSS 0.00191
Exploits: 0 | References: 7

vulnersOsv
added 2025/08/21 2:53 p.m., 2 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: OSV:GHSA-PP7P-Q8FX-2968...

CVSS 6 | AI score 5.8 | EPSS 0.00191
Exploits: 0

Snyk
added 2025/08/21 2:53 p.m., 1 views

Directory Traversal

Overview: vite-plugin-static-copy is a rollup-plugin-copy for vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...

CVSS 8.9 | AI score 7.7 | EPSS 0.00191
Exploits: 0 | References: 2

vulnersOsv
added 2025/08/21 2:53 p.m., 1 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...

CVSS 6 | AI score 5.8 | EPSS 0.00191
Exploits: 0

vulnersOsv
added 2025/08/21 2:53 p.m., 1 views

@apiida/vue-components (>=16.5.0 <=18.0.2), @axirs/storybook-template (>=1.0.0-beta-v2.0.0 <=1.0.0-beta-v2.1.2) +114 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=0.6.1 <=2.3.1)

vite-plugin-static-copy NPM version =0.6.1, =16.5.0, =1.0.0-beta-v2.0.0, =0.4.3, =1.0.4, =1.1.0, =0.20.1, =0.5.0, =0.0.1, =0.0.3, =0.3.0, =0.1.0, =0.2.21, =0.4.1 and more Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...

CVSS 6 | AI score 5.8 | EPSS 0.00191
Exploits: 0

CNNVD
added 2025/08/21 12:0 a.m., 1 views

vite-plugin-static-copy security vulnerability

vite-plugin-static-copy is a plugin with development server support by the individual developer sapphi-red. A security vulnerability exists in vite-plugin-static-copy versions prior to 2.3.2 and prior to 3.1.2, which stems from a specially crafted request that can access files not included in the s...

CVSS 6 | AI score 6.4 | EPSS 0.00191
Exploits: 0 | References: 3