11 matches found
EUVD-2025-29764
Malicious code in bioql PyPI...
GO-2025-3967 esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh
esm.sh has arbitrary file write via path traversal in X-Zone-Id header in github.com/esm-dev/esm.sh...
CVE-2025-59342
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header
Summary A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...
GHSA-G2H5-CVVR-7GMW esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header
Summary A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...
CVE-2025-59342
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
CVE-2025-59342 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
CVE-2025-59342 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
CVE-2025-59342
esm.sh (nobuild CDN) has a path traversal flaw via the X-Zone-Id header that allows writing files outside the intended storage directory. The issue affects version 136 and earlier; the header is used to build a filesystem path without proper canonicalization or storage-base confinement, enabling ...
esm.sh 安全漏洞
esm.sh is a content delivery network open-sourced by esm.sh. A security vulnerability exists in esm.sh version 136 and earlier, which stems from improper handling of the X-Zone-Id HTTP header and could lead to a path traversal attack...
PT-2025-38248
Name of the Vulnerable Software and Affected Versions esm.sh versions 136 and earlier Description A path-traversal flaw exists in the handling of the X-Zone-Id HTTP header. The header value is used to construct a filesystem path without proper sanitization or restriction to the application’s...