Homepage

@cloudflare/vite-plugin@0.0.0-da875d639 vulnerabilities

Cloudflare plugin for Vite

  • latest version

    1.14.2

  • latest non vulnerable version

    1.14.2

  • first published

    9 months ago

  • latest version published

    2 days ago

  • View vite-plugin package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @cloudflare/vite-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Information Exposure

    @cloudflare/vite-plugin is a Cloudflare plugin for Vite

    Affected versions of this package are vulnerable to Information Exposure via the dev server process. An attacker can access sensitive files and internal project information by sending HTTP requests to the server for files such as .env, .dev.vars, package.json, or README.md.

    Note: This is exploitable if the development server is exposed to a public or shared network, such as when using preview sharing tools or running the server with a public host configuration.

    How to fix Information Exposure?

    Upgrade @cloudflare/vite-plugin to version 1.6.0 or higher.

    <1.6.0
    Go back to all versions of this package