CVE-2025-59341 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.s…
High CVSS: 7.7

CVE-2025-59341

esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host filesystem (or other unintended file sources).
Vendor
-
Product
-
CWE
CWE-23
Yayın Tarihi
2025-09-17 18:15:53
Güncelleme
2025-09-18 13:43:34
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-23 HIGH 2025

Referanslar

https://github.com/esm-dev/esm.sh/blob/c62f191d32639314ff0525d1c3c0e19ea2b16143/server/router.go#L1168 https://github.com/esm-dev/esm.sh/security/advisories/GHSA-49pv-gwxp-532r