Skip to main content

Vite CVE-2022-35204

MEDIUM
Path Traversal (CWE-22)
2022-08-18 cve@mitre.org
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 18, 2022 - 19:15 nvd
MEDIUM 4.3

DescriptionNVD

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

AnalysisAI

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. Affected products include: Vitejs Vite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in Vite

View all
CVE-2025-31125 MEDIUM POC
5.3 Mar 31

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely ex

CVE-2025-30208 MEDIUM POC
5.3 Mar 24

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15,

CVE-2024-52011 HIGH POC
7.5 Jun 01

launch-editor allows users to open files with line numbers in editor from Node.js. Rated high severity (CVSS 7.5), this

CVE-2024-23331 HIGH POC
7.5 Jan 19

Vite is a frontend tooling framework for javascript. Rated high severity (CVSS 7.5), this vulnerability is remotely expl

CVE-2023-34092 HIGH POC
7.5 Jun 01

Vite provides frontend tooling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentic

CVE-2025-46565 MEDIUM POC
6.0 May 01

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 6.0), this vulnerability is remotely ex

CVE-2023-49293 MEDIUM POC
6.1 Dec 04

Vite is a website frontend framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no a

CVE-2025-58751 LOW POC
2.3 Sep 08

Vite is a frontend tooling framework for JavaScript. Rated low severity (CVSS 2.3), this vulnerability is remotely explo

CVE-2025-58752 LOW POC
2.3 Sep 08

Vite is a frontend tooling framework for JavaScript. Rated low severity (CVSS 2.3), this vulnerability is remotely explo

CVE-2025-24010 MEDIUM POC
6.5 Jan 20

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 6.5), this vulnerability is remotely ex

Share

CVE-2022-35204 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy