6.0.3
4 years ago
10 days ago
Known vulnerabilities in the vite package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Information Exposure when using How to fix Information Exposure? Upgrade | <3.2.11>=4.0.0 <4.5.5>=5.0.0 <5.2.14>=5.3.0 <5.3.6>=5.4.0 <5.4.6 |
vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the How to fix Cross-site Scripting (XSS)? Upgrade | <3.2.11>=4.0.0 <4.5.5>=5.0.0 <5.2.14>=5.3.0 <5.3.6>=5.4.0 <5.4.6 |
vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Path Equivalence such that Server Options ( Note: Only users explicitly exposing the Vite dev server to the network (using How to fix Path Equivalence? Upgrade | <2.9.16>=3.0.0 <3.2.7>=4.0.0 <4.0.5>=4.1.0 <4.1.5>=4.2.0 <4.2.3>=4.3.0 <4.3.9 |
vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal. It allows attackers to perform a directory traversal via a crafted URL to the victim's service. How to fix Directory Traversal? Upgrade | <2.9.13 |