File Disclosure Vulnerability in Vite Framework by ViteJS
CVE-2024-45811
Currently unrated
Summary
This vulnerability in the Vite frontend build tool allows unauthorized access to the contents of arbitrary files via a crafted URL. Specifically, appending '?import&raw' to the URL can bypass the '@fs' file access restrictions, exposing potentially sensitive data to the browser. This issue affects several versions of the Vite framework and has been patched. Users are strongly advised to upgrade to the latest versions to mitigate the risk of unauthorized data exposure.
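Detection logic for the request shape described above, as an added example (not code from Vite or from this advisory): it scans access-log lines for '/@fs/' requests that carry both the 'import' and 'raw' query keys and flags those whose file path lies outside the directories the dev server is meant to serve. It goes slightly beyond the single '?import&raw' form named in the summary by also matching the keys in either order and a percent-encoded '@'. Assumptions: the log lines, the allowedRoots list, the function names and the POSIX-style paths are all constructed for illustration.

```javascript
// Added example: flag dev-server requests that pair /@fs/ with ?import&raw.
// The log lines and allowed root below are constructed, not real traffic.
const SAMPLE_LOG = [
  '127.0.0.1 - - [01/Jan/2025:10:00:00 +0000] "GET /@fs/work/app/node_modules/vue/dist/vue.js?v=1a2b HTTP/1.1" 200 5120',
  '127.0.0.1 - - [01/Jan/2025:10:00:01 +0000] "GET /src/notes.txt?import&raw HTTP/1.1" 200 88',
  '127.0.0.1 - - [01/Jan/2025:10:00:02 +0000] "GET /@fs/work/app/docs/readme.md?import&raw HTTP/1.1" 200 640',
  '10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /@fs/tmp/constructed-sample.txt?import&raw HTTP/1.1" 200 42',
  '10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /%40fs/tmp/constructed-sample.txt?raw&import HTTP/1.1" 200 42',
];

// Pull the request target out of a common-log-format line.
function requestTarget(line) {
  const m = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
  return m ? m[1] : null;
}

// Return the decoded filesystem path if the target is an /@fs/ request
// carrying both `import` and `raw` query keys, otherwise null.
function fsRawImportPath(target) {
  let url;
  try {
    url = new URL(target, 'http://log.invalid'); // also resolves ../ segments
  } catch {
    return null;
  }
  let path;
  try {
    path = decodeURIComponent(url.pathname);
  } catch {
    path = url.pathname; // malformed escape: keep the raw form
  }
  if (!path.startsWith('/@fs/')) return null;
  const q = url.searchParams;
  if (!(q.has('import') && q.has('raw'))) return null;
  return path.slice('/@fs'.length);
}

// Flag matching requests whose file path lies outside every allowed root.
function findSuspectRequests(lines, allowedRoots) {
  const hits = [];
  lines.forEach((line, i) => {
    const target = requestTarget(line);
    const path = target && fsRawImportPath(target);
    if (!path) return;
    const inside = allowedRoots.some((r) => path === r || path.startsWith(r + '/'));
    if (!inside) hits.push({ lineNo: i + 1, client: line.split(' ')[0], path });
  });
  return hits;
}

console.log(findSuspectRequests(SAMPLE_LOG, ['/work/app']));
```

Requests inside an allowed root are left unflagged because the same query keys can appear on raw imports of project files; on an unpatched version, any hit outside those roots that returned 200 is worth reviewing.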
References
Timeline
Vulnerability published