CNNVD-202511-2179 Information

CNNVD ID

CNNVD-202511-2179

Related CVE

CVE-2025-65025

• CNNVD Published: 2025-11-19

Description (Chinese)

esm.sh是esm.sh开源的一个内容分发网络。 esm.sh 136之前版本存在路径遍历漏洞，该漏洞源于NPM包解压过程中存在路径遍历，可能导致任意文件写入。

Description (English)

esm.sh is an open-source content distribution network of esm.sh. There was a loophole in the previous version of esm.sh 136, which stemmed from the routing of the NPM package, which could lead to any document being written.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

esm.sh

Published

2025-11-19

Last Modified

2026-02-24

References

https://github.com/esm-dev/esm.sh/security/advisories/GHSA-h3mw-4f23-gwpw https://github.com/esm-dev/esm.sh/commit/9d77b88c320733ff6689d938d85d246a3af9af16 https://access.redhat.com/security/cve/cve-2025-65025

Patch

https://github.com/esm-dev/esm.sh/releases