fix: patch Vite arbitrary file read vulnerability (GHSA-p9ff-h696-f583) #51

Merged
privilegedescalation-engineer[bot] merged 1 commit from gandalf/fix-vite-arbitrary-file-read-vulnerability into main 2026-05-03 17:44:05 +00:00

1 Commit

Author SHA1 Message Date
Gandalf the Greybeard 78a69fe9b4 fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 03:41:00 +00:00
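
A check for the version range named in the commit message, as an added example that is not part of this PR or the repository's code. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Audit an npm lockfile for vite versions in the range the commit message
// names as vulnerable (>=6.0.0 <=6.4.1); 6.4.2 is the fixed release it names.
const VULN_MIN = [6, 0, 0];
const VULN_MAX = [6, 4, 1];
const FIXED = [6, 4, 2];

function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version));
  return m ? { core: [+m[1], +m[2], +m[3]], prerelease: Boolean(m[4]) } : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "affected", "ok", or "review" (unparseable, or a pre-release that
// the stated range does not clearly cover).
function classify(version) {
  const v = parse(version);
  if (!v) return "review";
  const inRange = cmp(v.core, VULN_MIN) >= 0 && cmp(v.core, VULN_MAX) <= 0;
  if (!v.prerelease) return inRange ? "affected" : "ok";
  // A pre-release sorts below its own core version, so 6.4.2-beta.0 is not
  // the fixed release and 6.0.0-beta.1 sits just under the range's floor.
  const nearRange = cmp(v.core, VULN_MIN) >= 0 && cmp(v.core, FIXED) <= 0;
  return nearRange ? "review" : "ok";
}

// Walks the "packages" map and reports every installed copy of vite,
// including copies nested under another dependency.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/vite" || path.endsWith("/node_modules/vite")) {
      findings.push({ path, version: entry.version, status: classify(entry.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from the repository.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/vite": { version: "6.4.2" },
  "node_modules/some-plugin/node_modules/vite": { version: "6.3.5" },
  "node_modules/vitest": { version: "3.0.0" },
} };
console.log(auditLockfile(sampleLock));
```

A nested copy pinned by another dependency keeps the old version even after the top-level `vite` is bumped, which is why the audit walks every `node_modules/vite` path rather than only the root one.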