Description
Any files ending with .map even out side the project can be returned to the browser.
Recommendation
Update the vite package to the latest compatible version. Followings are version details:
Affected version(s): **<= 6.4.1 >= 7.0.0, <= 7.3.1 >= 8.0.0, <= 8.0.4** Patched version(s): **6.4.2 7.3.2 8.0.5**
References
Related Issues
- @google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script - CVE-2026-4092
- ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction - CVE-2026-32731
- i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters - CVE-2026-41690
- OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal - CVE-2026-35570
You might also like:
- Tags:
- npm
- vite
Anything's wrong? Let us know Last updated on April 07, 2026