CVE-2024-31207 Information

Description

Vite (French word for \quick\ pronounced /vit/ like eet) is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6 5.1.7 5.0.13 4.5.3 3.2.10 and 2.9.18.

Reference

https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0 https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48 https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67 https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9 https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258 https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649