admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-240xx/CVE-2025-24010.json
cad-safe-bot 0c245865ae Auto-Update: 2025-01-26T03:00:19.791548+00:00
2025-01-26 03:03:52 +00:00

68 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-24010",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-20T16:15:28.730",
"lastModified": "2025-01-20T16:15:28.730",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6."
},
{
"lang": "es",
"value": "Vite es una herramienta de interfaz framework para JavaScript. Vite permit\u00eda que cualquier sitio web enviara solicitudes al servidor de desarrollo y leyera la respuesta debido a la configuraci\u00f3n CORS predeterminada y la falta de validaci\u00f3n en el encabezado Origin para las conexiones WebSocket. Esta vulnerabilidad se solucion\u00f3 en 6.0.9, 5.4.12 y 4.5.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
},
{
"lang": "en",
"value": "CWE-350"
},
{
"lang": "en",
"value": "CWE-1385"
}
]
}
],
"references": [
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink