https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 10 Jun 2026 04:36:00 +0000 https://vulnerability.circl.lu/sighting/21ebf5b9-8aba-4a33-a51a-1243b57c2df6/export {"uuid": "21ebf5b9-8aba-4a33-a51a-1243b57c2df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113899482179871247", "content": "", "creation_timestamp": "2025-01-27T08:56:13.482898Z"} {"uuid": "21ebf5b9-8aba-4a33-a51a-1243b57c2df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113899482179871247", "content": "", "creation_timestamp": "2025-01-27T08:56:13.482898Z"} https://vulnerability.circl.lu/sighting/21ebf5b9-8aba-4a33-a51a-1243b57c2df6/export Mon, 27 Jan 2025 08:56:13 +0000 https://vulnerability.circl.lu/sighting/1827b1d2-5889-49b1-90cf-c50fe0729a30/export {"uuid": "1827b1d2-5889-49b1-90cf-c50fe0729a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpm4e7jvk2r", "content": "", "creation_timestamp": "2025-01-27T09:15:32.515514Z"} {"uuid": "1827b1d2-5889-49b1-90cf-c50fe0729a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpm4e7jvk2r", "content": "", "creation_timestamp": "2025-01-27T09:15:32.515514Z"} https://vulnerability.circl.lu/sighting/1827b1d2-5889-49b1-90cf-c50fe0729a30/export Mon, 27 Jan 2025 09:15:32 +0000 https://vulnerability.circl.lu/sighting/e62226e8-a6cb-490e-8a1a-91fb51e3d700/export {"uuid": "e62226e8-a6cb-490e-8a1a-91fb51e3d700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://t.me/cvedetector/16447", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52012 - Apache Solr Relative Path Traversal Zip Slip\", \n \"Content\": \"CVE ID : CVE-2024-52012 \nPublished : Jan. 27, 2025, 9:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : Relative Path Traversal vulnerability in Apache Solr. \n \nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.\u00a0 Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.\u00a0\u00a0 \nThis issue affects Apache Solr: from 6.6 through 9.7.0. \n \nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.\u00a0 Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T11:48:52.000000Z"} {"uuid": "e62226e8-a6cb-490e-8a1a-91fb51e3d700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://t.me/cvedetector/16447", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52012 - Apache Solr Relative Path Traversal Zip Slip\", \n \"Content\": \"CVE ID : CVE-2024-52012 \nPublished : Jan. 27, 2025, 9:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : Relative Path Traversal vulnerability in Apache Solr. \n \nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.\u00a0 Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.\u00a0\u00a0 \nThis issue affects Apache Solr: from 6.6 through 9.7.0. \n \nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.\u00a0 Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T11:48:52.000000Z"} https://vulnerability.circl.lu/sighting/e62226e8-a6cb-490e-8a1a-91fb51e3d700/export Mon, 27 Jan 2025 11:48:52 +0000 https://vulnerability.circl.lu/sighting/a53dcaf0-d91f-40db-9164-965b418a7e5b/export {"uuid": "a53dcaf0-d91f-40db-9164-965b418a7e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lgpx52oyws22", "content": "", "creation_timestamp": "2025-01-27T12:32:50.231480Z"} {"uuid": "a53dcaf0-d91f-40db-9164-965b418a7e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lgpx52oyws22", "content": "", "creation_timestamp": "2025-01-27T12:32:50.231480Z"} https://vulnerability.circl.lu/sighting/a53dcaf0-d91f-40db-9164-965b418a7e5b/export Mon, 27 Jan 2025 12:32:50 +0000 https://vulnerability.circl.lu/sighting/1b35919f-75b4-4104-b6db-7bc7c35d2e12/export {"uuid": "1b35919f-75b4-4104-b6db-7bc7c35d2e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpy3rlhua2h", "content": "", "creation_timestamp": "2025-01-27T12:49:57.658070Z"} {"uuid": "1b35919f-75b4-4104-b6db-7bc7c35d2e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpy3rlhua2h", "content": "", "creation_timestamp": "2025-01-27T12:49:57.658070Z"} https://vulnerability.circl.lu/sighting/1b35919f-75b4-4104-b6db-7bc7c35d2e12/export Mon, 27 Jan 2025 12:49:57 +0000 https://vulnerability.circl.lu/sighting/ea2527f4-0274-4c35-b263-5e051194b40f/export {"uuid": "ea2527f4-0274-4c35-b263-5e051194b40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113900760592649826", "content": "", "creation_timestamp": "2025-01-27T14:21:21.313816Z"} {"uuid": "ea2527f4-0274-4c35-b263-5e051194b40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113900760592649826", "content": "", "creation_timestamp": "2025-01-27T14:21:21.313816Z"} https://vulnerability.circl.lu/sighting/ea2527f4-0274-4c35-b263-5e051194b40f/export Mon, 27 Jan 2025 14:21:21 +0000 https://vulnerability.circl.lu/sighting/4627832d-ae95-4f1a-8fa6-b1b458865880/export {"uuid": "4627832d-ae95-4f1a-8fa6-b1b458865880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lgsrkq7gq32n", "content": "", "creation_timestamp": "2025-01-28T15:31:03.281333Z"} {"uuid": "4627832d-ae95-4f1a-8fa6-b1b458865880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lgsrkq7gq32n", "content": "", "creation_timestamp": "2025-01-28T15:31:03.281333Z"} https://vulnerability.circl.lu/sighting/4627832d-ae95-4f1a-8fa6-b1b458865880/export Tue, 28 Jan 2025 15:31:03 +0000 https://vulnerability.circl.lu/sighting/ce027598-1e59-4ec3-b03d-3fd297657a53/export {"uuid": "ce027598-1e59-4ec3-b03d-3fd297657a53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-52012", "type": "published-proof-of-concept", "source": "https://blog.securelayer7.net/cve-2024-52012-apache-solr-zip-slip-rce-attack/", "content": "", "creation_timestamp": "2026-04-09T04:00:00.000000Z"} {"uuid": "ce027598-1e59-4ec3-b03d-3fd297657a53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-52012", "type": "published-proof-of-concept", "source": "https://blog.securelayer7.net/cve-2024-52012-apache-solr-zip-slip-rce-attack/", "content": "", "creation_timestamp": "2026-04-09T04:00:00.000000Z"} https://vulnerability.circl.lu/sighting/ce027598-1e59-4ec3-b03d-3fd297657a53/export Thu, 09 Apr 2026 04:00:00 +0000 https://vulnerability.circl.lu/sighting/7b20b084-269f-4f60-86dd-591b7b067a1b/export {"uuid": "7b20b084-269f-4f60-86dd-591b7b067a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7", "content": "# CVE-2024-52011: CVE-2024-52011: Remote Command Injection in ViteJS launch-editor\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2024-52011\n\n## Summary\nCVE-2024-52011 is a critical command injection vulnerability in the ViteJS launch-editor utility (versions prior to 2.9.0) affecting Windows environments. Unsanitized command-line arguments can lead to remote code execution on a developer workstation via cross-origin requests targeting the local development server.\n\n## TL;DR\nViteJS launch-editor before version 2.9.0 on Windows fails to validate line numbers parsed from filenames, allowing remote attackers to trigger arbitrary command execution on developer workstations via cross-origin HTTP requests targeting the local development server.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-77\n- **Attack Vector**: Network / Cross-Origin HTTP Request\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.0006\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Vite Development Server\n- launch-editor (npm package)\n- Windows Operating System\n- **launch-editor**: < 2.9.0 (Fixed in: `2.9.0`)\n- **vite**: < 5.4.9 (Fixed in: `5.4.9`)\n\n## Mitigation\n\n- Upgrade launch-editor to version 2.9.0 or higher.\n- Upgrade vite to version 5.4.9 or higher.\n- Enforce strict host header validation and cross-origin controls on development servers.\n- Utilize browser plugins or local firewalls to block cross-origin requests targeting localhost.\n\n**Remediation Steps:**\n1. Verify the installed launch-editor and vite versions in package-lock.json or yarn.lock.\n2. Run 'npm install launch-editor@latest' or 'npm update vite' to apply security updates.\n3. Restart any running local development servers to apply the patched versions.\n\n## References\n\n- [GitHub Security Advisory GHSA-c27g-q93r-2cwf](https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf)\n- [NVD - CVE-2024-52011](https://nvd.nist.gov/vuln/detail/CVE-2024-52011)\n- [CVE Org Authority Record - CVE-2024-52011](https://www.cve.org/CVERecord?id=CVE-2024-52011)\n- [Official Fix Commit](https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-52011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T18:51:02.000000Z"} {"uuid": "7b20b084-269f-4f60-86dd-591b7b067a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7", "content": "# CVE-2024-52011: CVE-2024-52011: Remote Command Injection in ViteJS launch-editor\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2024-52011\n\n## Summary\nCVE-2024-52011 is a critical command injection vulnerability in the ViteJS launch-editor utility (versions prior to 2.9.0) affecting Windows environments. Unsanitized command-line arguments can lead to remote code execution on a developer workstation via cross-origin requests targeting the local development server.\n\n## TL;DR\nViteJS launch-editor before version 2.9.0 on Windows fails to validate line numbers parsed from filenames, allowing remote attackers to trigger arbitrary command execution on developer workstations via cross-origin HTTP requests targeting the local development server.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-77\n- **Attack Vector**: Network / Cross-Origin HTTP Request\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.0006\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Vite Development Server\n- launch-editor (npm package)\n- Windows Operating System\n- **launch-editor**: < 2.9.0 (Fixed in: `2.9.0`)\n- **vite**: < 5.4.9 (Fixed in: `5.4.9`)\n\n## Mitigation\n\n- Upgrade launch-editor to version 2.9.0 or higher.\n- Upgrade vite to version 5.4.9 or higher.\n- Enforce strict host header validation and cross-origin controls on development servers.\n- Utilize browser plugins or local firewalls to block cross-origin requests targeting localhost.\n\n**Remediation Steps:**\n1. Verify the installed launch-editor and vite versions in package-lock.json or yarn.lock.\n2. Run 'npm install launch-editor@latest' or 'npm update vite' to apply security updates.\n3. Restart any running local development servers to apply the patched versions.\n\n## References\n\n- [GitHub Security Advisory GHSA-c27g-q93r-2cwf](https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf)\n- [NVD - CVE-2024-52011](https://nvd.nist.gov/vuln/detail/CVE-2024-52011)\n- [CVE Org Authority Record - CVE-2024-52011](https://www.cve.org/CVERecord?id=CVE-2024-52011)\n- [Official Fix Commit](https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-52011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T18:51:02.000000Z"} https://vulnerability.circl.lu/sighting/7b20b084-269f-4f60-86dd-591b7b067a1b/export Wed, 03 Jun 2026 18:51:02 +0000 https://vulnerability.circl.lu/sighting/08000e06-87df-4fab-8dd7-ac4b4dc8b60d/export {"uuid": "08000e06-87df-4fab-8dd7-ac4b4dc8b60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7", "content": "# CVE-2024-52011: CVE-2024-52011: Remote Command Injection in ViteJS launch-editor\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2024-52011\n\n## Summary\nCVE-2024-52011 is a critical command injection vulnerability in the ViteJS launch-editor utility (versions prior to 2.9.0) affecting Windows environments. Unsanitized command-line arguments can lead to remote code execution on a developer workstation via cross-origin requests targeting the local development server.\n\n## TL;DR\nViteJS launch-editor before version 2.9.0 on Windows fails to validate line numbers parsed from filenames, allowing remote attackers to trigger arbitrary command execution on developer workstations via cross-origin HTTP requests targeting the local development server.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-77\n- **Attack Vector**: Network / Cross-Origin HTTP Request\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.0006\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Vite Development Server\n- launch-editor (npm package)\n- Windows Operating System\n- **launch-editor**: < 2.9.0 (Fixed in: `2.9.0`)\n- **vite**: < 5.4.9 (Fixed in: `5.4.9`)\n\n## Mitigation\n\n- Upgrade launch-editor to version 2.9.0 or higher.\n- Upgrade vite to version 5.4.9 or higher.\n- Enforce strict host header validation and cross-origin controls on development servers.\n- Utilize browser plugins or local firewalls to block cross-origin requests targeting localhost.\n\n**Remediation Steps:**\n1. Verify the installed launch-editor and vite versions in package-lock.json or yarn.lock.\n2. Run 'npm install launch-editor@latest' or 'npm update vite' to apply security updates.\n3. Restart any running local development servers to apply the patched versions.\n\n## References\n\n- [GitHub Security Advisory GHSA-c27g-q93r-2cwf](https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf)\n- [NVD - CVE-2024-52011](https://nvd.nist.gov/vuln/detail/CVE-2024-52011)\n- [CVE Org Authority Record - CVE-2024-52011](https://www.cve.org/CVERecord?id=CVE-2024-52011)\n- [Official Fix Commit](https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-52011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T19:00:57.000000Z"} {"uuid": "08000e06-87df-4fab-8dd7-ac4b4dc8b60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7", "content": "# CVE-2024-52011: CVE-2024-52011: Remote Command Injection in ViteJS launch-editor\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2024-52011\n\n## Summary\nCVE-2024-52011 is a critical command injection vulnerability in the ViteJS launch-editor utility (versions prior to 2.9.0) affecting Windows environments. Unsanitized command-line arguments can lead to remote code execution on a developer workstation via cross-origin requests targeting the local development server.\n\n## TL;DR\nViteJS launch-editor before version 2.9.0 on Windows fails to validate line numbers parsed from filenames, allowing remote attackers to trigger arbitrary command execution on developer workstations via cross-origin HTTP requests targeting the local development server.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-77\n- **Attack Vector**: Network / Cross-Origin HTTP Request\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.0006\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Vite Development Server\n- launch-editor (npm package)\n- Windows Operating System\n- **launch-editor**: < 2.9.0 (Fixed in: `2.9.0`)\n- **vite**: < 5.4.9 (Fixed in: `5.4.9`)\n\n## Mitigation\n\n- Upgrade launch-editor to version 2.9.0 or higher.\n- Upgrade vite to version 5.4.9 or higher.\n- Enforce strict host header validation and cross-origin controls on development servers.\n- Utilize browser plugins or local firewalls to block cross-origin requests targeting localhost.\n\n**Remediation Steps:**\n1. Verify the installed launch-editor and vite versions in package-lock.json or yarn.lock.\n2. Run 'npm install launch-editor@latest' or 'npm update vite' to apply security updates.\n3. Restart any running local development servers to apply the patched versions.\n\n## References\n\n- [GitHub Security Advisory GHSA-c27g-q93r-2cwf](https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf)\n- [NVD - CVE-2024-52011](https://nvd.nist.gov/vuln/detail/CVE-2024-52011)\n- [CVE Org Authority Record - CVE-2024-52011](https://www.cve.org/CVERecord?id=CVE-2024-52011)\n- [Official Fix Commit](https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-52011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T19:00:57.000000Z"} https://vulnerability.circl.lu/sighting/08000e06-87df-4fab-8dd7-ac4b4dc8b60d/export Wed, 03 Jun 2026 19:00:57 +0000