Home > Vulnerability Database > CVE-2024-31207

Mend.io Vulnerability Database

CVE-2024-31207

Good to know:

Date: April 4, 2024

Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience."server.fs.deny" does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.

Language: JS

Severity Score

5.9

Related Resources (10)

Url: https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g

Url: https://github.com/vitejs/vite

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31207

Url: https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48

Url: https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0

Url: https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67

Url: https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258

Url: https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9

Url: https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649

Url: https://www.mend.io/vulnerability-database/CVE-2024-31207

Severity Score

5.9

Weakness Type (CWE)

Improper Access Control

CWE-284

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version vite - 2.9.18;vite - 3.2.10;vite - 5.1.7;vite - 5.2.6;vite - 4.5.3;vite - 5.0.13

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31207

Good to know:

Date: April 4, 2024

Language: JS

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?