Bug 2339011 (CVE-2025-24010)
Summary: | CVE-2025-24010 vite: Vite allows any websites to send any requests to the development server and read the response | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, boliveir, brian.stansberry, brking, caswilli, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, drichtar, fjuma, haoli, hkataria, istudens, ivassile, iweiss, jajackso, jcammara, jkoops, jmitchel, jneedle, jwong, kaycoth, kegrant, koliveir, kshier, lgao, mabashia, mosmerov, msochure, msvehla, nwallace, pbraun, pdrozd, peholase, pesilva, pjindal, pmackay, pskopek, rmartinc, rowaters, rstancel, shvarugh, simaishi, smaestri, smcdonal, stcannon, sthorger, teagle, tfister, thavo, tom.jenkinson, yguenane |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: | A flaw was found in the Vite frontend tooling framework for Node.js. Vite allowed any website to send any request to the development server and read the response, due to its default CORS settings and a lack of validation of the Origin header for WebSocket connections. |
Description
OSIDB Bzimport
2025-01-20 16:01:19 UTC