- Description
- Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.
- Source
- security-advisories@github.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-178
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "CA6E1BE3-E530-4BB3-8086-856A30ECC2AA",
"versionEndExcluding": "2.9.17",
"versionStartIncluding": "2.7.0"
},
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "C09B4AF4-B3E4-457D-A5DB-CAB25D164084",
"versionEndExcluding": "3.2.8",
"versionStartIncluding": "3.0.0"
},
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "78A4B866-994A-4B61-80AC-DDBCB478C66E",
"versionEndExcluding": "4.5.2",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "5A0695F1-5643-4269-94C7-29F156D936F8",
"versionEndExcluding": "5.0.12",
"versionStartIncluding": "5.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]