CNNVD-202601-2946 Information

CNNVD ID

CNNVD-202601-2946

Related CVE

CVE-2026-23644

• CNNVD Published: 2026-01-18

Description (Chinese)

esm.sh是esm.sh开源的一个内容分发网络。 esm.sh存在路径遍历漏洞，该漏洞源于路径清理不完整，可能导致路径遍历。

Description (English)

esm.sh is an open-source content distribution network of esm.sh. Esm.sh has a loophole in its path, which stems from incomplete path clean-up, which may lead to a path pass.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

esm.sh

Published

2026-01-18

Last Modified

2026-02-24

References

https://github.com/esm-dev/esm.sh/security/advisories/GHSA-2657-3c98-63jq https://github.com/esm-dev/esm.sh/commit/c62ab83c589e7b421a0e1376d2a00a4e48161093 https://github.com/esm-dev/esm.sh/commit/9d77b88c320733ff6689d938d85d246a3af9af16 https://pkg.go.dev/vuln/GO-2025-4138 https://access.redhat.com/security/cve/cve-2026-23644