Description

Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-09-17T20:08:11.801Z

Last Modified :

2024-09-18T14:06:21.732Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45811 vulnerability.

Vendors Products
Redhat
  • Openshift Distributed Tracing
Vitejs
  • Vite
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45811.

URL Resource
https://github.com/vitejs/vite cve-icon
https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249 cve-icon
https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34 cve-icon cve-icon cve-icon
https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd cve-icon
https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6 cve-icon
https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7 cve-icon
https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-45811 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-45811 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact