CNNVD-202512-2780 Information

CNNVD ID

CNNVD-202512-2780

Related CVE

CVE-2025-68155

• CNNVD Published: 2025-12-16

Description (Chinese)

Vite Plugin React是Vite开源的一个插件。 Vite Plugin React 0.5.8之前版本存在安全漏洞，该漏洞源于/__vite_rsc_findSourceMapURL端点存在任意文件读取漏洞。

Description (English)

Vite Plugin Fact is an open-source plugin for Vite. There was a security loophole in the pre-Vite Plugin Fact 0.5.8 version, which resulted from any file reading gap at / vite rsc findsourceMapURL end.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Vite

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/facebook/react/pull/29708 https://github.com/facebook/react/pull/30741 https://github.com/vitejs/vite-plugin-react/commit/582fba0b9a52b13fcff6beaaa3bfbd532bc5359d https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-g239-q96q-x4qm

Patch

https://github.com/vitejs/vite-plugin-react/releases