Описание
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the /__vite_rsc_findSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Version 0.5.8 fixes the issue.
EPSS
Процентиль: 63%
0.00453
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
около 2 месяцев назад
@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint
EPSS
Процентиль: 63%
0.00453
Низкий
7.5 High
CVSS3
Дефекты
CWE-22