Open wriches opened 3 days ago
The latest updates on your projects.
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
sui-docs | ❌ Failed (Inspect) | | | Jun 26, 2024 3:38pm |
Semgrep found 1 ssc-efa14576-9601-4ae6-939c-3da58aa25013 finding:
Risk: Affected versions of vite are vulnerable to Improper Handling Of Case Sensitivity / Exposure Of Sensitive Information To An Unauthorized Actor / Improper Access Control. The vulnerability arises when the Vite development server's option, server.fs.deny, can be circumvented on case-insensitive file systems through the utilization of case-augmented versions of filenames, as the matcher derived from config.server.fs.deny fails to prevent access to sensitive files when raw filesystem paths are requested with augmented casing.
Manual Review Advice: A vulnerability from this advisory is reachable if you host vite's development server on Windows, and you rely on server.fs.deny to deny access to certain files.
Fix: Upgrade this library to at least version 4.5.2 at sui/examples/trading/frontend/pnpm-lock.yaml:4700.
Reference(s): https://github.com/advisories/GHSA-c24v-8rfc-w8vw, CVE-2023-34092, CVE-2024-23331
Description
Updated the trustless swap guide to a new reference format
Test plan
Local + Vercel preview