CVE-2025-59341

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-59341

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59341.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-59341

Aliases

Downstream

SUSE-SU-2025:3799-1

Related

SUSE-SU-2025:3799-1

Published

2025-09-17T17:55:25Z

Modified

2025-10-30T20:35:28.671352Z

Severity

7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

Local File Inclusion in esm.sh

Details

esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host filesystem (or other unintended file sources).

Database specific

{
    "cwe_ids": [
        "CWE-23"
    ]
}

References

Affected packages

Git / github.com/esm-dev/esm.sh

Affected ranges

Type

GIT

Repo

https://github.com/esm-dev/esm.sh

Events

Introduced

Last affected

1ad31b6352bb0a064ece812f6f360e4850e16051

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "136"
        }
    ]
}

Affected versions

Other

v100

v101

v102

v103

v104

v105

v106

v107

v108

v109

v110

v111

v112

v113

v114

v115

v116

v117

v119

v120

v121

v122

v123

v124

v125

v126

v127

v128

v129

v130

v131

v132

v133

v134

v135

v135_1

v136

v34

v35

v37

v38

v39

v40

v41

v43

v44

v45

v46

v47

v49

v50

v51

v52

v53

v55

v56

v57

v59

v60

v61

v62

v63

v64

v65

v66

v67

v68

v69

v70

v71

v72

v73

v74

v75

v76

v77

v78

v79

v80

v81

v82

v83

v84

v85

v86

v87

v88

v89

v90

v91

v92

v93

v94

v95

v96

v97

v98

v99