exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2024-45811

больше 1 года назад

Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 4.8

EPSS: Низкий

CVE-2024-45811

больше 1 года назад

Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 4.8

EPSS: Низкий

CVE-2024-45811

больше 1 года назад

Vite a frontend build tooling framework for javascript. In affected ve ...

CVSS3: 4.8

EPSS: Низкий

GHSA-9cwx-2883-4wfx

больше 1 года назад

Vite's `server.fs.deny` is bypassed when using `?import&raw`

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-45811 Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 4.8	0% Низкий	больше 1 года назад
CVE-2024-45811 Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 4.8	0% Низкий	больше 1 года назад
CVE-2024-45811 Vite a frontend build tooling framework for javascript. In affected ve ...	CVSS3: 4.8	0% Низкий	больше 1 года назад
GHSA-9cwx-2883-4wfx Vite's `server.fs.deny` is bypassed when using `?import&raw`	CVSS3: 5.3	0% Низкий	больше 1 года назад

Уязвимостей на страницу