CVE-2024-31207
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.
| Software | From | Fixed in |
|---|---|---|
vitejs / vite
|
2.7.0 | 2.9.18 |
|
vitejs / vite
|
3.0.0 | 3.2.10 |
|
vitejs / vite
|
4.0.0 | 4.5.3 |
|
vitejs / vite
|
5.0.0 | 5.0.13 |
|
vitejs / vite
|
5.1.0 | 5.1.7 |
|
vitejs / vite
|
5.2.0 | 5.2.6 |
- https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0
- https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48
- https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67
- https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9
- https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258
- https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649
- https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime