CVE-2024-31207

Summary

Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.

Affected Software

VendorProductVersion RangeStatus
vitejsvite>= 2.7.0, <= 2.9.17affected
vitejsvite>= 3.0.0, <= 3.2.8affected
vitejsvite>= 4.0.0, <= 4.5.2affected
vitejsvite>= 5.0.0, <= 5.0.12affected
vitejsvite>= 5.1.0, <= 5.1.6affected
vitejsvite>= 5.2.0, <= 5.2.5affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References