CVE-2024-45812
PUBLISHED
CVSS 6.4 MEDIUM
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
EPSS 0.26% · 49.1th percentile
Risk Scores
CVSS v3.1
6.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
EPSS Score
0.26%
49.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vitejs | vite | >= 5.4.0, < 5.4.6, *, * |
| npm | vite | 5.2.0, 5.2.0, 4.0.0 |
| vitejs | vite | 0, 4.0.0, 5.0.0 |
Timeline
- Jan 21, 1970 Security Advisory
- Sep 17, 2024 CVE Published
- Sep 17, 2024 PoC Published
- Sep 18, 2024 EPSS Score
- Sep 19, 2024 CVE Updated
- Oct 5, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Oct 27, 2024 EPSS Score
- Nov 16, 2024 EPSS Score
- Dec 26, 2024 EPSS Score
- Jan 14, 2025 EPSS Score
- Feb 3, 2025 EPSS Score
References
- https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3 url
- https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986 url
- https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad url
- https://research.securitum.com/xss-in-amp4email-dom-clobbering url
- https://scnps.co/papers/sp23_domclob.pdf url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45812 advisory
- https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af url
- https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675 url
- https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd url
- https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3 url
- https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e url
- https://github.com/vitejs/vite package