
vulnerability in flood project

Open ankitdn opened this issue 2 months ago • 3 comments

While working on the flood project, I identified a vulnerability in the Vite package: CVE-2025-62522, "Vite Package Allows Server.fs.deny Bypass on Windows". The vulnerability occurs due to improper handling of the file system access restrictions defined by server.fs.deny when running on Windows.

CVE Link CVE Report

ankitdn, Oct 21 '25 08:10

I don't think we are using vite in production or development

trim21, Oct 21 '25 08:10

ok there is vite pulled by storybook, which is only used in development...

trim21, Oct 21 '25 08:10

I don't think this is a vulnerability we need to take action on; the only possible problem I can think of is some developer starting a storybook development server and making it public...

I'll see if dependabot can fix this automatically.

trim21, Oct 21 '25 09:10