Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-57753

Опубликовано: 21 авг. 2025
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2automation-gatewayFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=2390125vite-plugin-static-copy: vite-plugin-static-copy fpath traversal

EPSS

Процентиль: 32%
0.00123
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-57753

nvd
4 месяца назад

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.

github логотип

GHSA-pp7p-q8fx-2968

github
4 месяца назад

vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

EPSS

Процентиль: 32%
0.00123
Низкий

6.5 Medium

CVSS3