49 matches found
SUSE CVE-2025-50180
esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...
CVE-2025-50180
esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...
CVE-2025-50180
CVE-2025-50180 affects esm.sh, a no-build CDN for web development. The NVD entry and Red Hat/OSV entries describe a full-response SSRF vulnerability in version 136 of esm.sh, enabling an attacker to retrieve information from internal websites. The issue is fixed in version 137. Connected document...
CVE-2025-50180 esm.sh is vulnerable to full-response SSRF
esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...
CVE-2025-50180
esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...
esm.sh 代码问题漏洞
esm.sh is an open-source content distribution network developed by esm.sh. Version 136 of esm.sh has a code vulnerability that stems from a complete server-side request forgery attack, which may lead to the retrieval of information from internal websites...
esm-dev 136 - Path Traversal
Exploit Title: esm-dev 136 - Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/esm-dev/esm.sh Software Link: https://github.com/esm-dev/esm.sh CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...
CVE-2025-65026
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
CVE-2025-65025
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...
CVE-2025-65025
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...
CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
CVE-2025-65025
esm.sh CDN before v136 is vulnerable to path traversal during NPM tarball extraction. An attacker can craft a malicious package with file paths like package/../../tmp/evil.js, causing arbitrary files to be written outside the extraction directory when the tarball is unpacked. Multiple connected s...
CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...
CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...
esm.sh 路径遍历漏洞
esm.sh is a content distribution network open-sourced by esm.sh. A path traversal vulnerability exists in versions prior to esm.sh 136, which stems from path traversal during the decompression of NPM packages, and could lead to arbitrary file writes...
PT-2025-47503
Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 136 Description The esm.sh CDN service is susceptible to a path traversal issue during the extraction of NPM package tarballs. An attacker can create a malicious NPM package with crafted file paths, such as...
PT-2025-47504
Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 136 Description The esm.sh CDN service has an issue where CSS-to-JavaScript module conversion lacks proper sanitization. When a CSS file is requested with the ?module parameter, it is converted to a JavaScript module,...
Exploit for CVE-2025-59342
CVE-2025-59342 - Path Traversal esm-dev Author: Byte Reape...
esm.sh 安全漏洞
esm.sh is a content delivery network open-sourced by esm.sh. A security vulnerability exists in esm.sh version 136 and earlier, which stems from improper handling of service URLs and could lead to a local file inclusion attack...
PT-2025-38248
Name of the Vulnerable Software and Affected Versions esm.sh versions 136 and earlier Description A path-traversal flaw exists in the handling of the X-Zone-Id HTTP header. The header value is used to construct a filesystem path without proper sanitization or restriction to the application’s...