Vitejs Security Vulnerabilities

CVE-2024-31207

Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience. server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and...

5.9 CVSS

6.5 AI Score

0.0004 EPSS

2024-04-04 04:15 PM

CVE-2024-23331

Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2024-01-19 08:15 PM

CVE-2023-49293

Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the HTML being transformed contains inline module scripts (<script type="module">...</script>), it is possible t...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-12-04 11:15 PM

CVE-2023-34092

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (server.fs.deny) can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root-path of the application including the default...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-06-01 05:15 PM

CVE-2022-35204

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's...

4.3 CVSS

4.6 AI Score

0.001 EPSS

2022-08-18 07:15 PM