vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in `src` are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| vite-plugin-static-copy(npm) | 3.0.0 | 3.1.2 | N/A |
| vite-plugin-static-copy(npm) | 0.4.3 | 2.3.2 | N/A |
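
To check a project against the ranges in the table, the following added example (not code from the plugin or from this advisory) scans a parsed `package-lock.json` for affected installs. It assumes lockfile version 2 or 3, where installs are listed under the `packages` map; `SAMPLE_LOCK` and the function names are constructed for illustration.

```javascript
// Affected ranges copied from the advisory table, each read as [introduced, fixed).
const AFFECTED = [
  { introduced: "0.4.3", fixed: "2.3.2" },
  { introduced: "3.0.0", fixed: "3.1.2" },
];
const PKG = "vite-plugin-static-copy";

// Parse "1.2.3" or "1.2.3-beta.1" into numeric parts plus a pre-release flag.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Order two parsed versions; a pre-release sorts before its own release.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  if (a.pre === b.pre) return 0;
  return a.pre ? -1 : 1;
}

// true = inside an affected range, false = outside, null = version not parseable.
function isAffected(version) {
  const v = parse(version);
  if (!v) return null;
  return AFFECTED.some(
    (r) => compare(v, parse(r.introduced)) >= 0 && compare(v, parse(r.fixed)) < 0
  );
}

// Walk the lockfile's "packages" map, including nested (transitive) installs.
// Entries whose version cannot be parsed are reported too, for manual review.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + PKG)) continue;
    if (isAffected(meta.version) !== false) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile: one affected install, one fixed, one predating the range.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/vite-plugin-static-copy": { version: "3.1.1" },
  "node_modules/some-tool/node_modules/vite-plugin-static-copy": { version: "2.3.2" },
  "node_modules/other/node_modules/vite-plugin-static-copy": { version: "0.4.2" },
} };
```

In a real project, pass `JSON.parse` of the lockfile contents to `findAffected` and upgrade any reported install to 2.3.2 or 3.1.2, matching its major line.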

CVSS Metrics