VDB

CVE-2024-45811

CVE-2024-45811 PUBLISHED CVSS 4.800000190734863 MEDIUM

Vite's `server.fs.deny` is bypassed when using `?import&raw`

EPSS 0.02% · 3.1th percentile

Risk Scores

CVSS 3.1
4.800000190734863
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.02%
3.1th percentile

Affected Products

VendorProductVersions
npmvite4.0.0, 5.2.0, 5.3.0
vitejsvite5.0.0, 5.0.0, 4.0.0
vitejsvite*, *, *

Timeline

  • Jan 21, 1970 Security Advisory
  • Sep 17, 2024 CVE Published
  • Sep 17, 2024 PoC Published
  • Sep 18, 2024 EPSS Score
  • Sep 19, 2024 CVE Updated
  • Oct 5, 2024 Coalition ESS Score
  • Oct 8, 2024 EPSS Score
  • Oct 27, 2024 EPSS Score
  • Nov 16, 2024 EPSS Score
  • Dec 6, 2024 EPSS Score
  • Dec 26, 2024 EPSS Score
  • Jan 15, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›