Homepage

@cloudflare/vite-plugin@0.0.0-0dc599216 vulnerabilities

Cloudflare plugin for Vite

  • latest version

    1.12.4

  • latest non vulnerable version

    1.12.4

  • first published

    7 months ago

  • latest version published

    16 hours ago

  • View vite-plugin package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @cloudflare/vite-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Information Exposure

    @cloudflare/vite-plugin is a Cloudflare plugin for Vite

    Affected versions of this package are vulnerable to Information Exposure via the dev server process. An attacker can access sensitive files and internal project information by sending HTTP requests to the server for files such as .env, .dev.vars, package.json, or README.md.

    Note: This is exploitable if the development server is exposed to a public or shared network, such as when using preview sharing tools or running the server with a public host configuration.

    How to fix Information Exposure?

    Upgrade @cloudflare/vite-plugin to version 1.6.0 or higher.

    <1.6.0
    Go back to all versions of this package