CNNVD-202512-1092 Information

CNNVD ID

CNNVD-202512-1092

CVE-2025-67489

  • CNNVD Published: 2025-12-09

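Description (translated from Chinese)

Vite Plugin React is an open-source plugin from Vite. Vite Plugin React 0.5.5 and earlier contain a code injection vulnerability caused by an unsafe dynamic import in the server function API, which may lead to remote code execution.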

Description (English)

Vite Plugin React is an open-source plugin for Vite. Versions 0.5.5 and earlier have a code injection vulnerability that stems from an unsafe dynamic import in the server function API and could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Code injection

Affected Vendor

Vite

Published

2025-12-09

Last Modified

2026-02-24

References

  • https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-j76j-5p5g-9wfr
  • https://github.com/vitejs/vite-plugin-react/commit/fe634b58210d0a4a146a7faae56cd71af3bb9af4
  • https://access.redhat.com/security/cve/cve-2025-67489

Patch

https://github.com/vitejs/vite-plugin-react/releases
