GHSA-4w7w-66w2-5vf9: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
Any file ending with `.map`, even one outside the project, can be returned to the browser.
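The bug class described above, shown as an added JavaScript illustration (not Vite's code and not taken from the fix commit): an extension-only check next to a resolver that also enforces containment in the serving directory. `DEPS_DIR`, `resolveMapNaive`, `resolveMapSafe` and the sample request paths are hypothetical and constructed for this example.

```javascript
const path = require('path');

// Hypothetical directory holding pre-bundled dependency output (assumption).
const DEPS_DIR = path.resolve('/srv/app/node_modules/.cache/deps');

// Naive resolution: only the extension is checked, so "../" segments in the
// request walk out of DEPS_DIR and any reachable *.map file gets served.
function resolveMapNaive(requestPath) {
  if (!requestPath.endsWith('.map')) return null;
  return path.join(DEPS_DIR, requestPath);
}

// Hardened resolution: decode once, reject NUL bytes, resolve to an absolute
// path, then require the result to sit strictly inside DEPS_DIR.
function resolveMapSafe(requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0') || !decoded.endsWith('.map')) return null;

  // Prefixing "./" makes a leading "/" resolve relative to DEPS_DIR.
  const resolved = path.resolve(DEPS_DIR, './' + decoded);
  const rel = path.relative(DEPS_DIR, resolved);
  const escapes =
    rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : resolved;
}

// Constructed sample requests: one legitimate, two traversal attempts.
const samples = [
  'react.js.map',
  '../../outside/config.js.map',
  '%2e%2e/%2e%2e/outside/config.js.map',
];
for (const s of samples) {
  console.log(s, '| naive:', resolveMapNaive(s), '| safe:', resolveMapSafe(s));
}
```

For files that may be symlinks, run the same containment check on the output of `fs.realpathSync` before reading.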
References
- github.com/advisories/GHSA-4w7w-66w2-5vf9
- github.com/vitejs/vite
- github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
- github.com/vitejs/vite/pull/22161
- github.com/vitejs/vite/releases/tag/v6.4.2
- github.com/vitejs/vite/releases/tag/v7.3.2
- github.com/vitejs/vite/releases/tag/v8.0.5
- github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9