npm / vite

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

수정: 2024. 8. 9.

Vite has an `server.fs.deny` bypass with an invalid `request-target`

수정: 2026. 2. 4.

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

수정: 2026. 2. 4.

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

수정: 2026. 4. 9.

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

수정: 2026. 2. 4.

Vite's server.fs.deny bypassed with /. for files under project root

수정: 2026. 2. 4.

Vite's `server.fs.deny` did not deny requests for patterns with directories.

수정: 2024. 4. 5.

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload

수정: 2023. 12. 6.

vite allows server.fs.deny bypass via backslash on Windows

수정: 2026. 2. 4.

Vite's `server.fs.deny` is bypassed when using `?import&raw`

수정: 2026. 2. 4.

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

수정: 2026. 2. 4.

launch-editor vulnerable to command injection via the crafted request on Windows

수정: 2026. 6. 6.

vite: `server.fs.deny` bypass on Windows alternate paths

수정: 2026. 6. 15.

Vite middleware may serve files starting with the same name with the public directory

수정: 2026. 2. 4.

Vite's `server.fs` settings were not applied to HTML files

수정: 2026. 2. 4.

Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service

수정: 2024. 9. 23.

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

수정: 2026. 4. 9.

Vite: `server.fs.deny` bypassed with queries

수정: 2026. 4. 9.

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

수정: 2026. 6. 15.

Websites were able to send any requests to the development server and read the response in vite

수정: 2026. 2. 4.

Vite bypasses server.fs.deny when using ?raw??

수정: 2026. 2. 4.

Vite allows server.fs.deny to be bypassed with .svg or relative paths

수정: 2026. 2. 4.