Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.13 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 4:16 p.m.20 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 2:44 p.m.13 views

EUVD-2026-32910

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:44 p.m.10 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 2:44 p.m.32 views

CVE-2026-44593 esm.sh: Legacy Route Path Traversal Can Lead to RCE

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 2:44 p.m.20 views

CVE-2026-44593

esm.sh (no-build CDN) vulnerable to path traversal in legacy_router.go. In versions up to 137, the router concatenates request path components without sanitization, generating a storage key that can resolve to arbitrary filesystem paths (example: writing to /tmp/pwned). This allows an attacker to...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 10:22 p.m.4 views

GHSA-3636-H3VX-6465 esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

8.7CVSS6.4AI score0.00362EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40542

Name of the Vulnerable Software and Affected Versions esm.sh versions 137 and earlier Description The legacy router retrieves a response from legacyServer, parses the request path, and writes data to storage using the buildStorage.Put function. Because the router concatenates path components...

8.7CVSS6.5AI score0.00362EPSS
Exploits0References6
Rows per page
Query Builder