privilegedescalation/headlamp-tns-csi-plugin

fix: patch Vite arbitrary file read vulnerability (GHSA-p9ff-h696-f583) #28

Merged

privilegedescalation-engineer[bot] merged 1 commits from gandalf/fix-vite-arbitrary-file-read-vulnerability into main

2026-05-03 17:44:12 +00:00

Author	SHA1	Message	Date
Gandalf the Greybeard	b40b553489	fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-23 03:41:14 +00:00

Author

SHA1

Message

Date

Gandalf the Greybeard

b40b553489

fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-23 03:41:14 +00:00

fix: patch Vite arbitrary file read vulnerability (GHSA-p9ff-h696-f583) #28

1 Commits