GHSA-v2wj-q39q-566r: Vite: `server.fs.deny` bypassed with queries
The contents of files that are specified by `server.fs.deny` can be returned to the browser.
References
- github.com/advisories/GHSA-v2wj-q39q-566r
- github.com/vitejs/vite
- github.com/vitejs/vite/commit/a9a3df299378d9cbc5f069e3536a369f8188c8ff
- github.com/vitejs/vite/pull/22160
- github.com/vitejs/vite/releases/tag/v7.3.2
- github.com/vitejs/vite/releases/tag/v8.0.5
- github.com/vitejs/vite/security/advisories/GHSA-v2wj-q39q-566r