Lucene search

K

Veracode Vulnerability DatabaseVERACODE:40922

HistoryJun 16, 2023 - 6:19 a.m.

Arbitrary File Read

2023-06-1606:19:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

vulnerability

file path sanitization

attacker access

root path

dev server

network hosted

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

50.6%

vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev server is hosted on the network.

References

github.com/vitejs/vite/commit/0574f80751aa5fb383930049a8c370e90db9c4c7

github.com/vitejs/vite/commit/28548b51e17a33d2b8ac4222a024389147c600fa

github.com/vitejs/vite/commit/293213bc43b92e0f6837785c0c877a92b3c9b827

github.com/vitejs/vite/commit/7b614642e1e9ae4a9b95e9e6110ace7a24994bab

github.com/vitejs/vite/commit/7d8100a9ac71794c5a1883583371b13f923869d9

github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32

github.com/vitejs/vite/pull/13348

github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

50.6%

Related for VERACODE:40922

osv4 prion2 cvelist2 githubexploit1 nvd2 cve2 github2