ByteOS Network

NVD Vulnerability Details :

CVE-2025-24010

Received

Source-security-advisories@github.com

Published At-20 Jan, 2025 | 16:15

Updated At-20 Jan, 2025 | 16:15

Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-346	Primary	security-advisories@github.com
CWE-350	Primary	security-advisories@github.com
CWE-1385	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6	security-advisories@github.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History