CNNVD-202509-2681 Information

CNNVD ID

CNNVD-202509-2681

CVE-2025-59342

  • CNNVD Published: 2025-09-17

Description

esm.sh is an open-source content delivery network from esm.sh. esm.sh versions 136 and earlier contain a security vulnerability caused by improper handling of the X-Zone-Id HTTP header, which could lead to a path traversal attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

ESP32 Asynchronous Networking

Published

2025-09-17

Last Modified

2026-02-24

References

  • https://github.com/esm-dev/esm.sh/blob/main/server/router.go#L411
  • https://github.com/esm-dev/esm.sh/security/advisories/GHSA-g2h5-cvvr-7gmw
  • https://github.com/esm-dev/esm.sh/commit/833a29f42aeb0acbd7089a71be11dd0a292d3151
  • https://github.com/esm-dev/esm.sh/blob/main/server/router.go#L116
  • https://www.exploit-db.com/exploits/52461
