Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qcbe-hxkd-wkf6
Vulnerability ID VCID-qcbe-hxkd-wkf6
Aliases CVE-2022-35204
GHSA-mv48-hcvh-8jj8
Summary Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0097 https://api.first.org/data/v1/epss?cve=CVE-2022-35204
epss 0.0097 https://api.first.org/data/v1/epss?cve=CVE-2022-35204
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-mv48-hcvh-8jj8
cvssv3.1 8.6 https://github.com/vitejs/vite
cvssv4 8.7 https://github.com/vitejs/vite
generic_textual HIGH https://github.com/vitejs/vite
cvssv3.1 8.6 https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
cvssv4 8.7 https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
generic_textual HIGH https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
cvssv3.1 8.6 https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
cvssv4 8.7 https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
generic_textual HIGH https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
cvssv3.1 8.6 https://github.com/vitejs/vite/issues/8498
cvssv4 8.7 https://github.com/vitejs/vite/issues/8498
generic_textual HIGH https://github.com/vitejs/vite/issues/8498
cvssv3.1 8.6 https://github.com/vitejs/vite/releases/tag/v2.9.13
cvssv4 8.7 https://github.com/vitejs/vite/releases/tag/v2.9.13
generic_textual HIGH https://github.com/vitejs/vite/releases/tag/v2.9.13
cvssv3.1 8.6 https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
cvssv4 8.7 https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
generic_textual HIGH https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
cvssv3.1 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-35204
cvssv4 8.7 https://nvd.nist.gov/vuln/detail/CVE-2022-35204
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-35204
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-35204
https://github.com/vitejs/vite
https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
https://github.com/vitejs/vite/issues/8498
https://github.com/vitejs/vite/releases/tag/v2.9.13
https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
https://nvd.nist.gov/vuln/detail/CVE-2022-35204
GHSA-mv48-hcvh-8jj8 https://github.com/advisories/GHSA-mv48-hcvh-8jj8
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/vitejs/vite
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/vitejs/vite
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/vitejs/vite/issues/8498
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/vitejs/vite/issues/8498
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/vitejs/vite/releases/tag/v2.9.13
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/vitejs/vite/releases/tag/v2.9.13
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35204
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35204
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.76967
EPSS Score 0.0097
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:51:50.140312+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-mv48-hcvh-8jj8/GHSA-mv48-hcvh-8jj8.json 38.6.0