CVE-2024-31207

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31207
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31207.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31207
Aliases
Downstream
Related
Published
2024-04-04T15:51:54Z
Modified
2025-10-14T14:39:57.756755Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories
Details

Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.

References

Affected packages

Git / github.com/vitejs/vite

Affected ranges

Type
GIT
Repo
https://github.com/vitejs/vite
Events
Introduced
075128a8dd0a2680540179dad2277a797f793199
Last affected
3441f120fbd44b9c408706840647b4c8248b48fb
Type
GIT
Repo
https://github.com/vitejs/vite
Events
Introduced
b8c625cec4db938032ad754c7095bd246a4698ee
Last affected
7e3a86638e1585702e7fb8eaf8ede43740a6a44e
Type
GIT
Repo
https://github.com/vitejs/vite
Events
Introduced
566d4c7bb51cf56550a5374ee46e1e1cbea1cf1f
Last affected
d0360c12476ccc61e9e78c500ed1bd74ed65a2cf
Type
GIT
Repo
https://github.com/vitejs/vite
Events
Introduced
0c3125833033fec4356ab4e90e806e02e8644c40
Last affected
ee81e196769c102a6b1bf30f8444ccde236e71d5
Type
GIT
Repo
https://github.com/vitejs/vite
Events
Introduced
3036bef6679281a0cb4ded09ff884f965a334864
Last affected
6f7466e6211027686f40ad7e4ce6ec8477414546
Type
GIT
Repo
https://github.com/vitejs/vite
Events
Introduced
e4572b8eae561fffdd720686e3ccd001cc5beaf0
Last affected
7a2791ce174933ae3afc29f596491cc0c67b9618

Affected versions

create-vite@4.*

create-vite@4.0.0
create-vite@4.1.0
create-vite@4.1.0-beta.0
create-vite@4.2.0
create-vite@4.2.0-beta.0
create-vite@4.2.0-beta.1
create-vite@4.3.0
create-vite@4.3.0-beta.0
create-vite@4.3.1
create-vite@4.3.2
create-vite@4.4.0
create-vite@4.4.1

create-vite@5.*

create-vite@5.0.0
create-vite@5.1.0
create-vite@5.2.0
create-vite@5.2.1
create-vite@5.2.3

plugin-legacy@3.*

plugin-legacy@3.0.0
plugin-legacy@3.0.1

plugin-legacy@4.*

plugin-legacy@4.0.0
plugin-legacy@4.0.1
plugin-legacy@4.0.2
plugin-legacy@4.0.3
plugin-legacy@4.0.4
plugin-legacy@4.0.5
plugin-legacy@4.1.0
plugin-legacy@4.1.1

plugin-legacy@5.*

plugin-legacy@5.0.0
plugin-legacy@5.1.0
plugin-legacy@5.2.0
plugin-legacy@5.3.1
plugin-legacy@5.3.2

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.1.0-beta.0
v4.1.0-beta.1
v4.1.0-beta.2
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.2.0
v4.2.0-beta.0
v4.2.0-beta.1
v4.2.0-beta.2
v4.2.1
v4.3.0
v4.3.0-beta.0
v4.3.0-beta.1
v4.3.0-beta.2
v4.3.0-beta.3
v4.3.0-beta.4
v4.3.0-beta.5
v4.3.0-beta.6
v4.3.0-beta.7
v4.3.0-beta.8
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.4.0
v4.4.0-beta.0
v4.4.0-beta.1
v4.4.0-beta.2
v4.4.0-beta.3
v4.4.0-beta.4
v4.4.1
v4.4.10
v4.4.11
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.5.0
v4.5.1
v4.5.2

v5.*

v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5