VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4fzm-kvpq-7kcm

Essentials
Severities (30)
References (13)
Severity details (28)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4fzm-kvpq-7kcm
Aliases	CVE-2024-31207 GHSA-8jhw-289h-jh2g
Summary	Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-284	Improper Access Control
CWE-425	Direct Request ('Forced Browsing')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31207.json
epss	0.00239	https://api.first.org/data/v1/epss?cve=CVE-2024-31207
epss	0.00239	https://api.first.org/data/v1/epss?cve=CVE-2024-31207
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-8jhw-289h-jh2g
cvssv3.1	5.9	https://github.com/vitejs/vite
generic_textual	MODERATE	https://github.com/vitejs/vite
cvssv3.1	5.9	https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0
ssvc	Track	https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0
cvssv3.1	5.9	https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48
ssvc	Track	https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48
cvssv3.1	5.9	https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67
ssvc	Track	https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67
cvssv3.1	5.9	https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9
ssvc	Track	https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9
cvssv3.1	5.9	https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258
ssvc	Track	https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258
cvssv3.1	5.9	https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649
generic_textual	MODERATE	https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649
ssvc	Track	https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649
cvssv3.1	5.9	https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g
cvssv3.1_qr	MODERATE	https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g
generic_textual	MODERATE	https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g
ssvc	Track	https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2024-31207
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-31207

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31207.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-31207
		https://github.com/vitejs/vite
011bbca350e447d1b499d242804ce62738c12bc0		https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0
2273531		https://bugzilla.redhat.com/show_bug.cgi?id=2273531
5a056dd2fc80dbafed033062fe6aaf4717309f48		https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48
89c7c645f09d16a38f146ef4a1528f218e844d67		https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67
96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9		https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9
ba5269cca81de3f5fbb0f49d58a1c55688043258		https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258
CVE-2024-31207		https://nvd.nist.gov/vuln/detail/CVE-2024-31207
d2db33f7d4b96750b35370c70dd2c35ec3b9b649		https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649
GHSA-8jhw-289h-jh2g		https://github.com/advisories/GHSA-8jhw-289h-jh2g
GHSA-8jhw-289h-jh2g		https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31207.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/commit/011bbca350e447d1b499d242804ce62738c12bc0

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/commit/5a056dd2fc80dbafed033062fe6aaf4717309f48

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/commit/89c7c645f09d16a38f146ef4a1528f218e844d67

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/commit/96a7f3a41ef2f9351c46f3ab12489bb4efa03cc9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/commit/ba5269cca81de3f5fbb0f49d58a1c55688043258

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/commit/d2db33f7d4b96750b35370c70dd2c35ec3b9b649

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T17:23:36Z/ Found at https://github.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-31207

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.47227
EPSS Score	0.00239
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:34:27.821008+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/31xxx/CVE-2024-31207.json	38.6.0