CNNVD-202510-2584 Information
CNNVD ID
CNNVD-202510-2584
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
Vite是Vite开源的一种新型的前端构建工具。 Vite存在路径遍历漏洞,该漏洞源于Windows环境下URL以结尾时发送了server.fs.deny拒绝的文件,可能导致信息泄露。以下版本受到影响:2.9.18版本至3.0.0之前版本、3.2.9版本至4.0.0之前版本、4.5.3版本至5.0.0之前版本、5.2.6版本至5.4.21之前版本、6.0.0版本至6.4.1之前版本、7.0.0版本至7.0.8之前版本和7.1.0版本至7.1.11之前版本。
Description (English)
Vite is a new front-end construction tool for Vite open source. Vite has a loophole in its path, which stems from the fact that URLs in the Windows environment sent documents rejected by server.fs.deny at the end, which could lead to the disclosure of information. The following versions were affected: 2.9.18 to 3.0.0, 3.2.9 to 4.0.0, 4.5.3 to 5.0.0, 5.2.6 to 5.4.21, 6.0.0 to 6.4.1, 7.0.0 to 7.0.8 and 7.1.0 to 7.1.11.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Vite
Published
2025-10-20
Last Modified
2026-02-24
References
https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7
Patch
https://github.com/vitejs/vite/releases
Share on: