GHSA-HCPF-QV9M-VFGP esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...