CVE-2025-24963
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-24963
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24963.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-24963
- Aliases
- Published
- 2025-02-04T20:15:50Z
- Modified
- 2025-02-05T08:49:49.329556Z
- Summary
- [none]
- Details
-
Vitest is a testing framework powered by Vite. The
__screenshot-errorhandler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network bybrowser.api.host: true, an attacker can send a request to that handler from remote to get the content of arbitrary files.This__screenshot-errorhandler on the browser mode HTTP server responds any file on the file system. This code was added by commit2d62051. Users explicitly exposing the browser mode server to the network bybrowser.api.host: truemay get any files exposed. This issue has been addressed in versions 2.1.9 and 3.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
-
- https://github.com/vitest-dev/vitest/security/advisories/GHSA-8gvc-j273-4wm5
- https://github.com/vitest-dev/vitest/commit/2d62051f13b4b0939b2f7e94e88006d830dc4d1f
- https://github.com/vitest-dev/vitest/blob/f17918a79969d27a415f70431e08a9445b051e45/packages/browser/src/node/plugin.ts#L88-L130
- https://vitest.dev/guide/browser/config.html#browser-api
Affected packages
Git / github.com/vitest-dev/vitest
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vitest-dev/vitest
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.1
v0.0.10
v0.0.100
v0.0.101
v0.0.102
v0.0.103
v0.0.104
v0.0.105
v0.0.106
v0.0.107
v0.0.108
v0.0.109
v0.0.11
v0.0.110
v0.0.111
v0.0.112
v0.0.113
v0.0.114
v0.0.115
v0.0.116
v0.0.117
v0.0.118
v0.0.119
v0.0.12
v0.0.120
v0.0.121
v0.0.122
v0.0.123
v0.0.124
v0.0.125
v0.0.126
v0.0.127
v0.0.128
v0.0.129
v0.0.13
v0.0.130
v0.0.131
v0.0.132
v0.0.133
v0.0.134
v0.0.135
v0.0.136
v0.0.137
v0.0.138
v0.0.139
v0.0.14
v0.0.140
v0.0.141
v0.0.142
v0.0.15
v0.0.16
v0.0.17
v0.0.18
v0.0.19
v0.0.2
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.25
v0.0.26
v0.0.27
v0.0.28
v0.0.29
v0.0.3
v0.0.30
v0.0.31
v0.0.32
v0.0.33
v0.0.34
v0.0.35
v0.0.36
v0.0.37
v0.0.38
v0.0.39
v0.0.4
v0.0.40
v0.0.41
v0.0.42
v0.0.43
v0.0.44
v0.0.45
v0.0.46
v0.0.47
v0.0.48
v0.0.49
v0.0.5
v0.0.50
v0.0.51
v0.0.52
v0.0.53
v0.0.54
v0.0.55
v0.0.56
v0.0.57
v0.0.58
v0.0.59
v0.0.6
v0.0.60
v0.0.61
v0.0.62
v0.0.63
v0.0.64
v0.0.65
v0.0.66
v0.0.67
v0.0.68
v0.0.69
v0.0.7
v0.0.70
v0.0.71
v0.0.72
v0.0.73
v0.0.74
v0.0.75
v0.0.76
v0.0.77
v0.0.78
v0.0.79
v0.0.8
v0.0.80
v0.0.81
v0.0.82
v0.0.83
v0.0.84
v0.0.85
v0.0.86
v0.0.87
v0.0.88
v0.0.89
v0.0.9
v0.0.90
v0.0.91
v0.0.92
v0.0.93
v0.0.94
v0.0.95
v0.0.96
v0.0.97
v0.0.98
v0.0.99
v0.1.0
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.12.1
v0.12.10
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.9
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.14.2
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.19.0
v0.19.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.1
v0.22.0
v0.22.1
v0.23.0
v0.23.1
v0.23.2
v0.23.3
v0.23.4
v0.24.0
v0.24.1
v0.24.2
v0.24.3
v0.24.4
v0.24.5
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.25.4
v0.25.5
v0.25.6
v0.25.7
v0.25.8
v0.26.0
v0.26.1
v0.26.2
v0.26.3
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.28.0
v0.28.1
v0.28.2
v0.28.3
v0.28.4
v0.28.5
v0.29.0
v0.29.1
v0.29.2
v0.29.3
v0.29.4
v0.29.5
v0.29.6
v0.29.7
v0.29.8
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.30.0
v0.30.1
v0.31.0
v0.31.1
v0.31.2
v0.31.3
v0.31.4
v0.32.0
v0.32.1
v0.32.2
v0.32.3
v0.32.4
v0.33.0
v0.33.0-2023-07-30
v0.34.0
v0.34.1
v0.34.2
v0.34.3
v0.34.4
v0.34.5
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.3
v0.7.0
v0.7.1
v0.7.10
v0.7.11
v0.7.12
v0.7.13
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.0-beta.0
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-beta.3
v1.0.0-beta.4
v1.0.0-beta.5
v1.0.0-beta.6
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v2.*
v2.0.0
v2.0.0-beta.1
v2.0.0-beta.10
v2.0.0-beta.11
v2.0.0-beta.12
v2.0.0-beta.13
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-beta.5
v2.0.0-beta.6
v2.0.0-beta.7
v2.0.0-beta.8
v2.0.0-beta.9
v2.0.1
v2.0.2
v2.0.3