Vitest Arbitrary File Read Vulnerability in Browser Mode
Vulnerability
A vulnerability in Vitest's browser mode allows its HTTP server to return the contents of arbitrary files from the file system of the machine running the tests. The problem is the `__screenshot-error` handler, which reads a client-supplied file path without confining it to the project or screenshot directory. The handler was introduced in version 2.0.4, so the affected releases are 2.0.4 through 2.1.8 and 3.0.0 through 3.0.3. By default the browser-mode server listens on localhost only; when it is exposed to the network with `browser.api.host: true`, any host that can reach the port can call the handler and retrieve files, leading to unauthorized disclosure of sensitive information.
Impact
Exploitation lets an unauthenticated remote attacker read any file the Vitest process itself can read, not only files inside the project. On a developer workstation or CI runner that exposes the browser-mode server on the network, that can include configuration files, credentials and source code.
Reproduction
To reproduce this vulnerability, start Vitest in browser mode on an affected version with `browser.api.host: true`, so that the server listens on all interfaces rather than only on localhost. From another host, send a plain HTTP request to the `__screenshot-error` handler with a file path parameter naming a file outside the project. The server responds with the contents of that file without any authentication, demonstrating the arbitrary file read.
Remediation
Users are advised to upgrade to Vitest 2.1.9 (for the 2.x line) or to 3.0.4 or later, which contain the fix. Where upgrading is not immediately possible, do not expose the browser-mode server on the network: leave `browser.api.host` unset so the server listens on localhost only, which keeps the handler reachable only from the machine running the tests.
