Home > Vulnerability Database > CVE-2024-31207

Mend.io Vulnerability Database

CVE-2024-31207

Good to know:

Date: April 4, 2024

Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.

Language: JS

Severity Score

5.9

Related Resources (10)

Url: https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g

Url: https://github.com/vitejs/vite

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31207

Url: https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48

Url: https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0

Url: https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67

Url: https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258

Url: https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9

Url: https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649

Url: https://www.mend.io/vulnerability-database/CVE-2024-31207

Severity Score

5.9

Weakness Type (CWE)

Improper Access Control

CWE-284

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version vite - 2.9.18,3.2.10,4.5.3,5.0.13,5.1.7,5.2.6

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31207

Good to know:

Date: April 4, 2024

Language: JS

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?