https://tube.grossholtz.net/videos/watch/48703e0b-b5bf-4c20-87e1-e217780d95e0 Vite published a series of CVEs (security issues and their patches) recently. In this video we have a look how serious they are, what you should do (update!) and even try out one of the vulnerabilities with an older version. Links and Resources 🔗 First CVE (published January) https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 🔗 ?raw?? CVE https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w 🔗 ?import query CVE https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8 🔗.svg & relative paths CVE https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x 🔗Request Target CVE https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4 🎬 Package Overrides https://www.youtube.com/watch?v=8CS8PKB9rAQ Chaptermarks 00:00 Intro 00:43 Disclaimer & Update! 01:23 Important: Dev Server Only Vulnerability 02:02 First CVE - Any request to the dev server 04:39 Mitigation strategies 07:04 Testing out the exploit 10:12 With the mitigation in place 10:49 The group of four recent CVEs 15:35 What do that many CVEs mean? 16:44 Wrapping up Links marked with * are affiliate links. I get a small commission when you register for the service or buy the product through my link. This helps me keeping the channel running. I only include affiliate links for services or product mentioned that we use ourselves or have good experience with. Mon, 06 Apr 2026 01:18:46 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://tube.grossholtz.net https://tube.grossholtz.net/client/assets/images/icons/icon-512x512.png https://tube.grossholtz.net/videos/watch/48703e0b-b5bf-4c20-87e1-e217780d95e0 All rights reserved, unless otherwise specified in the terms specified at https://tube.grossholtz.net/about and potential licenses granted by each content's rightholder.