CNNVD-202509-2684 Information

CNNVD ID

CNNVD-202509-2684

Related CVE

CVE-2025-59341

• CNNVD Published: 2025-09-17

Description (Chinese)

esm.sh是esm.sh开源的一个内容分发网络。 esm.sh 136及之前版本存在安全漏洞，该漏洞源于服务URL处理不当，可能导致本地文件包含攻击。

Description (English)

esm.sh is an open-source content distribution network of esm.sh. There is a security gap in esm.sh 136 and earlier versions, which stems from the mishandling of the service URL, which may lead to local documentation containing an attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ESP32 Asynchronous Networking

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/esm-dev/esm.sh/blob/c62f191d32639314ff0525d1c3c0e19ea2b16143/server/router.go#L1168 https://github.com/esm-dev/esm.sh/security/advisories/GHSA-49pv-gwxp-532r