CVE-2022-35204Path Traversal in Vite

CWE-22Path Traversal3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.0%
top 23.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vitejs Vite
Timeline
PublishedAug 18
Latest updateAug 19

Description

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDvitejs/vite< 2.9.13
npmvitejs/vite3.0.0-alpha.03.0.0-beta.4+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service2022-08-19
OSV
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service2022-08-19