49 matches found

SUSE CVE
added 2026/03/05 6:56 a.m. | 3 views

SUSE CVE-2025-50180

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

8.7 CVSS | 5.8 AI score | 0.00381 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/26 10:35 p.m. | 6 views

CVE-2025-50180

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

8.7 CVSS | 5.4 AI score | 0.00381 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/02/25 3:32 p.m. | 4 views

CVE-2025-50180 esm.sh is vulnerable to full-response SSRF

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

8.7 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits: 1 | References: 6
ATTACKERKB
added 2026/02/25 3:32 p.m. | 4 views

CVE-2025-50180

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

8.7 CVSS | 5.4 AI score | 0.00381 EPSS
Exploits: 1 | References: 7
CVE
added 2026/02/25 3:32 p.m. | 9 views

CVE-2025-50180

CVE-2025-50180 affects esm.sh, a no-build CDN for web development. The NVD entry and Red Hat/OSV entries describe a full-response SSRF vulnerability in version 136 of esm.sh, enabling an attacker to retrieve information from internal websites. The issue is fixed in version 137. Connected document...

8.7 CVSS | 5.4 AI score | 0.00381 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2026/02/25 12:0 a.m. | 4 views

esm.sh Code Issue Vulnerability

esm.sh is an open-source content distribution network developed by esm.sh. Version 136 of esm.sh has a code vulnerability that stems from a complete server-side request forgery attack, which may lead to the retrieval of information from internal websites...

8.7 CVSS | 5.8 AI score | 0.00381 EPSS
Exploits: 1 | References: 6
Exploit DB
added 2025/12/16 12:0 a.m. | 165 views

esm-dev 136 - Path Traversal

Exploit Title: esm-dev 136 - Path Traversal; Date: 2025-07-11; Exploit Author: Byte Reaper; Vendor Homepage: https://github.com/esm-dev/esm.sh; Software Link: https://github.com/esm-dev/esm.sh; CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...

6.9 CVSS | 7 AI score | 0.02829 EPSS
Exploits: 2
RedhatCVE
added 2025/11/26 4:56 p.m. | 1 views

CVE-2025-65025

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...

8.2 CVSS | 7 AI score | 0.00499 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/11/26 4:56 p.m. | 2 views

CVE-2025-65026

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1 CVSS | 6.8 AI score | 0.00438 EPSS
Exploits: 1 | References: 1
NVD
added 2025/11/19 6:15 p.m. | 6 views

CVE-2025-65025

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...

9.8 CVSS | 0.00499 EPSS
Exploits: 1 | References: 2
OSV
added 2025/11/19 5:33 p.m. | 4 views

CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1 CVSS | 6.7 AI score | 0.00438 EPSS
Exploits: 1 | References: 4
Cvelist
added 2025/11/19 5:32 p.m. | 10 views

CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...

8.2 CVSS | 0.00499 EPSS
Exploits: 1 | References: 2
CVE
added 2025/11/19 5:32 p.m. | 16 views

CVE-2025-65025

esm.sh CDN before v136 is vulnerable to path traversal during NPM tarball extraction. An attacker can craft a malicious package with file paths like package/../../tmp/evil.js, causing arbitrary files to be written outside the extraction directory when the tarball is unpacked. Multiple connected s...

9.8 CVSS | 6.6 AI score | 0.00499 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/11/19 5:32 p.m. | 3 views

CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...

8.2 CVSS | 6.9 AI score | 0.00499 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/19 12:0 a.m. | 3 views

PT-2025-47503

Name of the Vulnerable Software and Affected Versions: esm.sh versions prior to 136. Description: The esm.sh CDN service is susceptible to a path traversal issue during the extraction of NPM package tarballs. An attacker can create a malicious NPM package with crafted file paths, such as...

8.2 CVSS | 6.7 AI score | 0.00499 EPSS
Exploits: 1 | References: 11
Positive Technologies
added 2025/11/19 12:0 a.m. | 4 views

PT-2025-47504

Name of the Vulnerable Software and Affected Versions: esm.sh versions prior to 136. Description: The esm.sh CDN service has an issue where CSS-to-JavaScript module conversion lacks proper sanitization. When a CSS file is requested with the ?module parameter, it is converted to a JavaScript module,...

6.1 CVSS | 6.4 AI score | 0.00438 EPSS
Exploits: 1 | References: 11
CNNVD
added 2025/11/19 12:0 a.m. | 3 views

esm.sh Path Traversal Vulnerability

esm.sh is a content distribution network open-sourced by esm.sh. A path traversal vulnerability exists in versions prior to esm.sh 136, which stems from path traversal during the decompression of NPM packages, and could lead to arbitrary file writes...

9.8 CVSS | 6.5 AI score | 0.00499 EPSS
Exploits: 1 | References: 3
GithubExploit
added 2025/09/18 10:34 p.m. | 407 views

Exploit for CVE-2025-59342

CVE-2025-59342 - Path Traversal esm-dev Author: Byte Reape...

6.9 CVSS | 7 AI score | 0.02829 EPSS
Exploits: 2
CNNVD
added 2025/09/17 12:0 a.m. | 3 views

esm.sh Security Vulnerability

esm.sh is a content delivery network open-sourced by esm.sh. A security vulnerability exists in esm.sh version 136 and earlier, which stems from improper handling of the X-Zone-Id HTTP header and could lead to a path traversal attack...

6.9 CVSS | 8.9 AI score | 0.02829 EPSS
Exploits: 2 | References: 5
CNNVD
added 2025/09/17 12:0 a.m. | 1 views

esm.sh Security Vulnerability

esm.sh is a content delivery network open-sourced by esm.sh. A security vulnerability exists in esm.sh version 136 and earlier, which stems from improper handling of service URLs and could lead to a local file inclusion attack...

8.7 CVSS | 8.6 AI score | 0.01527 EPSS
Exploits: 0 | References: 2