While working on the react-zoom-pan-pinch project, I scanned the dependency manifest and found that it uses a vulnerable version of vite. The scan revealed a path traversal issue where the dev server may allow access to files outside the project root (such as source maps) via crafted ../ paths, potentially exposing sensitive information if the server is publicly accessible.
CVE Report
CVE Link