Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mv48-hcvh-8jj8: Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim’s service.

ghsa
Open in Source
#js#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2022-35204

Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim’s service

Moderate severity GitHub Reviewed Published Aug 19, 2022 • Updated Aug 30, 2022

Affected versions

< 2.9.13

Description

Related news

CVE-2022-35204: Unrestricted directory traversal with `@fs` (Bypass) · Issue #8498 · vitejs/vite

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

ghsa: Latest News

GHSA-jg74-mwgw-v6x3: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
ghsa