GHSA-8jhw-289h-jh2g: Vite's `server.fs.deny` did not deny requests for patterns with directories.
Vite dev server option server.fs.deny did not deny requests for patterns with directories. An example of such a pattern is /foo/**/*.
References
- github.com/advisories/GHSA-8jhw-289h-jh2g
- github.com/vitejs/vite
- github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0
- github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48
- github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67
- github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9
- github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258
- github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649
- github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g
Code Behaviors & Features
Detect and mitigate GHSA-8jhw-289h-jh2g with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →