Arbitrary file write via tarslip in esm.sh (CVE-2025-65025)
2025. 11. 19. 07:09
https://github.com/esm-dev/esm.sh/security/advisories/GHSA-h3mw-4f23-gwpw
Arbitrary file write via tarslip
### Summary The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing speci...
github.com