CVE-2025-30208
- EPSS 88.96%
- Published 24.03.2025 17:03:40
- Last modified 23.09.2025 14:39:29
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypass...
CVE-2025-24010
- EPSS 0.09%
- Published 20.01.2025 16:15:28
- Last modified 19.09.2025 18:35:59
Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. Th...
CVE-2024-45812
- EPSS 0.26%
- Published 17.09.2024 20:15:06
- Last modified 15.04.2026 00:35:42
Vite is a frontend build tooling framework for JavaScript. Affected versions of Vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to...
CVE-2024-45811
- EPSS 0.02%
- Published 17.09.2024 20:15:05
- Last modified 15.04.2026 00:35:42
Vite is a frontend build tooling framework for JavaScript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses thi...
CVE-2024-31207
- EPSS 0.18%
- Published 04.04.2024 16:15:09
- Last modified 15.04.2026 00:35:42
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience. `server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in ver...
CVE-2024-23331
- EPSS 0.48%
- Published 19.01.2024 20:15:14
- Last modified 21.11.2024 08:57:31
Vite is a frontend tooling framework for JavaScript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass ...
CVE-2023-49293
- EPSS 8.3%
- Published 04.12.2023 23:15:27
- Last modified 21.11.2024 08:33:12
Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (`<script typ...
CVE-2023-34092
- EPSS 55.11%
- Published 01.06.2023 17:15:10
- Last modified 21.11.2024 08:06:31
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root-pa...
CVE-2022-35204
- EPSS 0.97%
- Published 18.08.2022 19:15:14
- Last modified 21.11.2024 07:10:53
Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.