5 matches found
CVE-2025-58752 vulnerabilities
Vulnerabilities for packages: langfuse-fips, langfuse, vitess...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @aicblock/cli (>=1.0.0 <=1.0.1) +159 more potentially affected by CVE-2025-58752 via vite (>=6.0.0 <=6.3.5)
vite NPM version =6.0.0, =0.0.1, =1.0.0, =1.0.0, =0.2.0, =4.25.19-patch.2, =19.1.0, =0.55.0, =0.21.2-4.1, =0.4.2, =0.1.10, =0.0.1, =1.0.0, =1.0.3 and more Source cves: CVE-2025-58752 Source advisory: OSV:GHSA-JQFW-VQ24-V9C3...
@angular/build (>=20.1.0 <=20.2.0-next.2), @atomazing-org/super-app-host (>=0.0.4 <=0.0.8) +55 more potentially affected by CVE-2025-58752 via vite (>=7.0.0 <=7.0.6)
vite NPM version =7.0.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =0.0.1750946288791, =0.0.2, =0.0.7, =0.0.2, =0.0.1, =0.1.34, =0.1.35 and more Source cves: CVE-2025-58752 Source advisory: SNYK:JS-VITE-12558116...
CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...
CVE-2025-58752
creationtimestamp| type| source ---|---|--- 2025-09-08 07:03:19+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3 2026-03-12 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-03...