GHSA-G2H5-CVVR-7GMW esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header
Summary A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...