- Description
- Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response, due to default CORS settings and a lack of validation of the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-346
CVE-2025-24010 Improper WebSocket Handling in Vite Allows Unauthorized Data Access https://t.co/Lj2gHOtdR5
@VulmonFeeds
20 Jan 2025
CVE-2025-24010 Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default COR… https://t.co/kQ67h3UfM3
@CVEnew
20 Jan 2025