Description
The contents of arbitrary files can be returned to the browser.
Recommendation
Update the `vite` package to the latest compatible version. Version details follow:
| Affected version(s) | Patched version |
| --- | --- |
| `>= 5.0.0, <= 5.1.7` | `5.1.8` |
| `>= 5.2.0, < 5.2.14` | `5.2.14` |
| `<= 3.2.10` | `3.2.11` |
| `>= 4.0.0, <= 4.5.3` | `4.5.4` |
| `>= 5.3.0, <= 5.3.5` | `5.3.6` |
| `>= 5.4.0, <= 5.4.5` | `5.4.6` |
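As an added example (not part of the original advisory and not Vite project code), the script below checks every `vite` entry in the `packages` map of a `package-lock.json` against the affected ranges listed above and reports the patched release for each hit. The function names are illustrative and the lockfile fragment is constructed sample data.

```javascript
// Affected ranges and fixed releases, copied from this advisory.
const AFFECTED = [
  { min: null, max: "3.2.10", fixed: "3.2.11" },
  { min: "4.0.0", max: "4.5.3", fixed: "4.5.4" },
  { min: "5.0.0", max: "5.1.7", fixed: "5.1.8" },
  { min: "5.2.0", max: "5.2.14", exclusive: true, fixed: "5.2.14" },
  { min: "5.3.0", max: "5.3.5", fixed: "5.3.6" },
  { min: "5.4.0", max: "5.4.5", fixed: "5.4.6" },
];

// Parse "x.y.z" with optional pre-release/build suffix; null if malformed.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v));
  return m && { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// Semver order on major.minor.patch; a pre-release sorts before its release.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  return a.pre === b.pre ? 0 : a.pre ? -1 : 1;
}

// Fixed release for an affected version, or null when it is not affected.
function fixedVersionFor(version) {
  const v = parse(version);
  if (!v) throw new Error(`unparseable version: ${version}`);
  for (const r of AFFECTED) {
    const c = compare(v, parse(r.max));
    const belowMax = r.exclusive ? c < 0 : c <= 0;
    if (belowMax && (!r.min || compare(v, parse(r.min)) >= 0)) return r.fixed;
  }
  return null;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3),
// including nested copies installed under other dependencies.
function findAffectedVite(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, pkg]) => pkg.version && /(^|\/)node_modules\/vite$/.test(path))
    .map(([path, pkg]) => ({ path, version: pkg.version, fixed: fixedVersionFor(pkg.version) }))
    .filter((hit) => hit.fixed !== null);
}

// Constructed sample lockfile fragment, not taken from the advisory.
const SAMPLE_LOCK = { packages: {
  "node_modules/vite": { version: "5.4.6" },
  "node_modules/some-plugin/node_modules/vite": { version: "4.5.3" },
} };
console.log(findAffectedVite(SAMPLE_LOCK));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findAffectedVite`.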
Related Issues
- @digitalocean/do-markdownit has Type Confusion vulnerability - CVE-2025-59717
- Vite's `server.fs` settings were not applied to HTML files - CVE-2025-58752
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
Tags: npm, vite
Last updated on September 19, 2024