
Path Traversal Vulnerabilities in Vite
Open, Needs Triage, Public


These are from the reporting tool Snyk.

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

The following files are affected:

Suggested fix is to check the file path before traversal. The following examples might or might not work for the Vite code base:
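
One way to do the "check the file path before traversal" step in Node.js, as an added example that is not part of the original task and is not Vite's code. The function names, the `/srv/app/public` root and the sample request paths are assumptions made for illustration; it contrasts a string-prefix check with a check based on `path.relative`.

```javascript
// Added example; not Vite's code. Names and paths are hypothetical.
const path = require('node:path');

// Weak check: plain string prefix. A sibling directory such as
// "/srv/app/public-old" shares the prefix "/srv/app/public" and passes.
function naivePrefixCheck(root, target) {
  return path.resolve(target).startsWith(path.resolve(root));
}

// Hardened check: map an untrusted URL path onto `root` and return the
// absolute path, or null when it would resolve outside `root`.
// Lexical only: symlinks under root still need an fs.realpath() comparison.
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // "%2e%2e%2f" becomes "../"
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte never belongs in a path

  const base = path.resolve(root);
  // The "./" prefix stops a leading "/" from being treated as absolute.
  const target = path.resolve(base, '.' + path.sep + decoded);
  const rel = path.relative(base, target);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : target;
}

// Constructed sample requests against a constructed root.
const ROOT = '/srv/app/public';
for (const p of ['/assets/app.js', '/../../etc/passwd', '/%2e%2e/%2e%2e/etc/passwd',
                 '/..%2fpublic-old/secret.txt', '/..foo/ok.txt', '/%zz']) {
  console.log(p.padEnd(30), '->', resolveInsideRoot(ROOT, p));
}
```

The input is decoded exactly once here, so any later layer that decodes again has to repeat the check on its own result.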