Hi,
I have just handled it.
Le 06/06/2023 à 05:35, GitHub a écrit :
GitHub
1 repository in your apache organization might be affected by a security
vulnerability in vite
Vite Server Options (server.fs.deny) can be bypassed using double
forward-slash (//)
High severity
vite
CVE-2023-34092
View all alerts
<https://github.com/advisories/GHSA-353f-5xf4-qw67/dependabot?query=user:apache>
apache/ofbiz-plugins
* example/vite-react-app/package-lock.json
<https://github.com/apache/ofbiz-plugins/security/dependabot/4>
You are receiving this email because your repository has Dependabot enabled. If you want to ship secure code, make sure it is enabled on all your
important repositories.
Sign in to GitHub <https://github.com/login> ・ Terms <https://docs.github.com/articles/github-terms-of-service/> ・ Privacy
<https://docs.github.com/articles/github-privacy-policy/> ・ Notification settings <https://github.com/settings/notifications>
GitHub, Inc. ・88 Colin P Kelly Jr Street ・San Francisco, CA 94107