Adi1

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11 Vite versions prior to 4.5.5 Vite versions prior to 5.2.14 Vite versions prior to 5.3.6 Vite versions prior to 5.4.6 Description: The contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. Recommendations: For versions prior to 3.2.11, upgrade to version 3.2.11 or later. For versions prior to 4.5.5, upgrade to version 4.5.5 or later. For versions prior to 5.2.14, upgrade to version 5.2.14 or later. For versions prior to 5.3.6, upgrade to version 5.3.6 or later. For versions prior to 5.4.6, upgrade to version 5.4.6 or later. As a temporary workaround, consider restricting access to the `@fs` module until a patch is available. Avoid using the `?import&raw` parameter in the affected URL until the issue is resolved.