Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
- Severity: High
Description
Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim’s service.
Recommendation
Update the vite package to the latest compatible version. Version details:
Affected version(s): **>= 3.0.0-alpha.0, < 3.0.0-beta.4** and **< 2.9.13**. Patched version(s): **3.0.0-beta.4**, **2.9.13**
Related Issues
- Raneto Denial of Service via crafted payload injected into `Search` parameter - CVE-2022-35142
- JOSE vulnerable to resource exhaustion via specifically crafted JWE (GHSA-jv3g-j58f-9mq9) - CVE-2022-36083
- steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
- Tags: npm, vite
Last updated on September 23, 2024