CVE-2025-57753: vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Files not included in `src` were possible to access with a crafted request.
References
- github.com/advisories/GHSA-pp7p-q8fx-2968
- github.com/sapphi-red/vite-plugin-static-copy
- github.com/sapphi-red/vite-plugin-static-copy/commit/0bc6b49ed72b46eecfc9682045f4b46a19694969
- github.com/sapphi-red/vite-plugin-static-copy/commit/4627afb8582083eab733881d3d974e1c1f23997d
- github.com/sapphi-red/vite-plugin-static-copy/releases/tag/vite-plugin-static-copy%402.3.2
- github.com/sapphi-red/vite-plugin-static-copy/releases/tag/vite-plugin-static-copy%403.1.2
- github.com/sapphi-red/vite-plugin-static-copy/security/advisories/GHSA-pp7p-q8fx-2968
- nvd.nist.gov/vuln/detail/CVE-2025-57753