1. Home
  2. CVE Database
  3. CVE-2024-45811
MEDIUM · 4.8

CVE-2024-45811

Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow ...

Vulnerability Description

Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Related Weaknesses (CWE)

CWE-284CWE-200

References

FAQ

What is CVE-2024-45811?

CVE-2024-45811 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow ...

How severe is CVE-2024-45811?

CVE-2024-45811 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45811?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.