Lucene search
K

5 matches found

OSV
OSV
added 2025/08/21 4:3 p.m.5 views

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

6CVSS6.8AI score0.00394EPSS
Exploits0References3
Snyk
Snyk
added 2025/08/21 2:53 p.m.1 views

Directory Traversal

Overview vite-plugin-static-copy is a rollup-plugin-copy for vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...

8.9CVSS7.7AI score0.00394EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.5 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: OSV:GHSA-PP7P-Q8FX-2968...

6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.5 views

@apiida/vue-components (>=16.5.0 <=18.0.2), @axirs/storybook-template (>=1.0.0-beta-v2.0.0 <=1.0.0-beta-v2.1.2) +114 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=0.6.1 <=2.3.1)

vite-plugin-static-copy NPM version =0.6.1, =16.5.0, =1.0.0-beta-v2.0.0, =0.4.3, =1.0.4, =1.1.0, =0.20.1, =0.5.0, =0.0.1, =0.0.3, =0.3.0, =0.1.0, =0.2.21, =0.4.1 and more Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...

6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.6 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...

6CVSS5.8AI score0.00394EPSS
Exploits0
Rows per page
Query Builder