CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
50.6%
vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev
server is hosted on the network.
github.com/vitejs/vite/commit/0574f80751aa5fb383930049a8c370e90db9c4c7
github.com/vitejs/vite/commit/28548b51e17a33d2b8ac4222a024389147c600fa
github.com/vitejs/vite/commit/293213bc43b92e0f6837785c0c877a92b3c9b827
github.com/vitejs/vite/commit/7b614642e1e9ae4a9b95e9e6110ace7a24994bab
github.com/vitejs/vite/commit/7d8100a9ac71794c5a1883583371b13f923869d9
github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32
github.com/vitejs/vite/pull/13348
github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67