AIKIDO-2025-10640
sirv is vulnerable to Path Traversal
60
Medium Risk
This Affects:
sirvTL;DR
Affected versions of this package are vulnerable to Directory Traversal due to improper path sanitization. An attacker could exploit this vulnerability by crafting a request containing relative path sequences (e.g., ../) to escape the intended serving directory. It could allow access to arbitrary files on the server's file system, potentially leading to the disclosure of sensitive information.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
sirv is vulnerable to Path Traversal in versions 0.2.5 - 3.0.1.
How to fix this
Upgrade the sirv library to the patch version.
Links
GitHub Release
Fix Commits
github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997ebgithub.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600dgithub.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaecgithub.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant