Vite versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13 contain a file exposure vulnerability caused by improper handling of request URLs with '#' in the dev server running on Node or Bun, letting attackers access arbitrary files, exploit requires the server to be exposed to the network and running on Node or Bun.
登录后查看神龙缓存的 POC 文件快照
登录查看