Vitejs Vite vulnerabilities
22 known vulnerabilities affecting vitejs/vite.
Total CVEs
22
CISA KEV
1
actively exploited
Public exploits
12
Exploited in wild
3
Severity breakdown
HIGH8MEDIUM14
Vulnerabilities
Page 2 of 2
CVE-2024-45811P4MEDIUMCVSS 4.8v>= 5.4.0, < 5.4.6v>= 5.3.0, < 5.3.6+3 more2024-09-17
CVE-2024-45811 [MEDIUM] CWE-200 CVE-2024-45811: Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitra
Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6
ghsanvdosv
CVE-2022-35204P4MEDIUMCVSS 4.3fixed in 2.9.132022-08-18
CVE-2022-35204 [MEDIUM] CWE-22 CVE-2022-35204: Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a
Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.
ghsanvdosv
← Previous2 / 2