CVE-2024-45811
PUBLISHED
CVSS 4.8 MEDIUM
Vite's `server.fs.deny` is bypassed when using `?import&raw`
EPSS 0.02% · 3.1th percentile
Risk Scores
CVSS 3.1
4.8
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.02%
3.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | vite | 4.0.0, 5.2.0, 5.3.0 |
| vitejs | vite | 5.0.0, 5.0.0, 4.0.0 |
| vitejs | vite | *, *, * |
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Sep 17, 2024 CVE Published
- Sep 17, 2024 PoC Published
- Sep 18, 2024 EPSS Score
- Sep 19, 2024 CVE Updated
- Oct 5, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Oct 27, 2024 EPSS Score
- Nov 16, 2024 EPSS Score
- Dec 6, 2024 EPSS Score
- Dec 26, 2024 EPSS Score
- Jan 15, 2025 EPSS Score
References
- https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx url
- https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45811 advisory
- https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249 url
- https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd url
- https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6 url
- https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7 url
- https://github.com/vitejs/vite package