Cloudflare · Cloudflared · CVE-2025-59427
**Name of the Vulnerable Software and Affected Versions**
Cloudflare Vite plugin versions prior to 1.6.0
**Description**
The Cloudflare Vite plugin, when used with its default configuration, exposes files from the root directory via the local development server. This includes sensitive files such as `.env` and `.dev.vars`, which may contain secret information. If the development server is exposed on a public network, an attacker may be able to acquire these secrets. This can occur when using tools like `wrangler` or `cloudflared` without proper configuration. Exposed files may also include `package.json` and `README.md`, potentially revealing dependencies and internal documentation.
**Recommendations**
Cloudflare Vite plugin versions prior to 1.6.0 should be updated to version 1.6.0 or later.
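
To find installs that still need this update, the following added example (not code from Cloudflare or from this advisory) audits a parsed npm `package-lock.json` for copies of the plugin older than 1.6.0 and reports which of the secret files named above sit in the project root. The npm package name `@cloudflare/vite-plugin`, the lockfile v2/v3 `packages` layout, and the function names are assumptions not stated on this page.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for installs of the
// Cloudflare Vite plugin older than the fixed release named in the advisory.
const PLUGIN = "@cloudflare/vite-plugin";   // npm package name (assumption: not stated on the page)
const FIXED = "1.6.0";                      // first fixed version, from the advisory
const SECRET_FILES = [".env", ".dev.vars"]; // secret-bearing files the advisory names

// Parse "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when version a sorts before version b. A prerelease of x.y.z sorts before x.y.z.
function isBefore(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return pa.pre !== null && pb.pre === null;
}

// lock: parsed package-lock.json; rootFiles: file names found in the project root.
function auditProject(lock, rootFiles) {
  const suffix = `node_modules/${PLUGIN}`;
  const affected = Object.entries(lock.packages || {})
    .filter(([path, meta]) => path.endsWith(suffix) && meta && meta.version)
    .filter(([, meta]) => isBefore(meta.version, FIXED))
    .map(([path, meta]) => ({ path, version: meta.version }));
  // Secret files only matter here when an affected plugin copy is installed.
  const secretsAtRisk = affected.length
    ? rootFiles.filter((f) => SECRET_FILES.includes(f))
    : [];
  return { vulnerable: affected.length > 0, affected, secretsAtRisk };
}

// Constructed sample input (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-worker" },
    "node_modules/@cloudflare/vite-plugin": { version: "1.5.1" },
    "apps/site/node_modules/@cloudflare/vite-plugin": { version: "1.6.0" },
  },
};
console.log(auditProject(sampleLock, [".env", ".dev.vars", "package.json"]));
```

In a monorepo, every workspace that resolves its own copy of the plugin appears as a separate `packages` entry, so each affected path is reported individually.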