While working on smail project, I identified a vulnerability in the @cloudflare/vite-plugin package that can expose sensitive files (like .env or .dev.vars) via the local dev server. This issue occurs due to the default configuration, which serves all files, including secrets, if the server is accessible externally.
CVE Link
CVE Report
While working on smail project, I identified a vulnerability in the @cloudflare/vite-plugin package that can expose sensitive files (like .env or .dev.vars) via the local dev server. This issue occurs due to the default configuration, which serves all files, including secrets, if the server is accessible externally.
CVE Link
CVE Report