3 matches found
PT-2026-40449
Name of the Vulnerable Software and Affected Versions Heym versions prior to 0.0.21 Description Authenticated users can write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. This occurs due to an unvalidated filename parameter in the uplo...
CVE-2025-59342
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
PT-2025-38248
Name of the Vulnerable Software and Affected Versions esm.sh versions 136 and earlier Description A path-traversal flaw exists in the handling of the X-Zone-Id HTTP header. The header value is used to construct a filesystem path without proper sanitization or restriction to the application’s...