CVE-2025-24964 | vitest-dev vitest up to 0.0.125/1.6.0/2.1.8/3.0.4 API Server missing origin validation in websockets (GHSA-9crc-q9x8-hgqq)

Inserito da Angelo Barbosa | Feb 4, 2025 | CVE

A vulnerability, which was classified as critical, has been found in vitest-dev vitest up to 0.0.125/1.6.0/2.1.8/3.0.4. This issue affects some unknown processing of the component API Server. The manipulation leads to missing origin validation in websockets.

The identification of this vulnerability is CVE-2025-24964. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-24964 | vitest-dev vitest up to 0.0.125/1.6.0/2.1.8/3.0.4 API Server missing origin validation in websockets (GHSA-9crc-q9x8-hgqq)

Post correlati

CVE-2024-6259 | zephyrproject-rtos Zephyr up to 3.6 HCI adv_ext_report heap-based overflow (GHSA-p5j7-v26w-wmcp)

CVE-2023-29483 | eventlet up to 0.35.1 DNS Resolution unknown vulnerability

CVE-2023-6627 | WP Go Maps Plugin up to 9.0.27 on WordPress REST API cross site scripting

CVE-2022-20654 | Cisco Webex Meetings up to 40.6.2 Web-based Interface cross site scripting (cisco-sa-webex-xss-FmbPu2pe)