CVE-2025-59342 Scanner - Path Traversal vulnerability in esm.sh
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 11 hours
Scan only one: Domain, Subdomain, IPv4
esm.sh is a JavaScript content delivery network (CDN) used by developers to import modules in JavaScript applications without building them locally. It is widely adopted for its simplicity and efficiency in managing front-end and back-end dependencies. The service is often integrated with frameworks like React and Angular to optimize and bundle JavaScript code. Developers use esm.sh to host and serve their JavaScript modules globally, ensuring faster loading times and reduced server strain. The platform's convenience makes it a staple in modern web development environments.
Path Traversal is a vulnerability that allows an attacker to access directories and execute commands outside of the intended file directory. This occurs when the software does not neutralize, or improperly sanitizes, input that specifies file paths. Attackers can manipulate input parameters to bypass security measures and write files in unauthorized directories. If left unaddressed, this vulnerability can lead to data tampering and system compromise. Such a flaw underscores the importance of proper input validation and security controls within web applications.
The Path Traversal vulnerability in esm.sh <= v136 stems from improper handling of the X-Zone-Id HTTP header. By manipulating the header value, attackers can write files outside the intended storage directory. The vulnerability is triggered by sending a crafted POST request to the "/transform" endpoint with customized header values. The vulnerable "X-Zone-Id" header can be used to traverse directories by adjusting its value, enabling unauthorized file writes. The flaw therefore allows files in critical locations on the file system to be modified.
Exploiting this Path Traversal vulnerability could lead to unauthorized file modifications, potentially resulting in a full system compromise. Attackers may alter critical configuration files or inject malicious scripts into the system, impacting the integrity and availability of the application. Such breaches can cause sensitive information exposure, allowing attackers to further penetrate the network infrastructure. There is also the risk of data destruction, which may disrupt services and lead to significant operational downtime.
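An added example, not esm.sh's code and not part of the original page: one way a Go service could confine a directory derived from the X-Zone-Id header to its storage root, shown next to the unsafe join. The storage root path, the allowlist pattern and the function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed allowlist: the zone id must be one path segment of safe characters.
var zoneIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// ErrBadZoneID is returned for any header value that fails validation.
var ErrBadZoneID = errors.New("invalid X-Zone-Id")

// NaiveZoneDir is the unsafe pattern: the header value is joined as-is,
// so ".." segments resolve to a directory outside base.
func NaiveZoneDir(base, zoneID string) string {
	return filepath.Join(base, zoneID)
}

// ResolveZoneDir validates the header value, then verifies that the joined
// path is still inside base before any file is written.
func ResolveZoneDir(base, zoneID string) (string, error) {
	if !zoneIDPattern.MatchString(zoneID) {
		return "", ErrBadZoneID
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absBase, zoneID)
	// Defense in depth: containment check independent of the allowlist.
	rel, err := filepath.Rel(absBase, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadZoneID
	}
	return target, nil
}

func main() {
	const base = "/srv/cdn-storage" // constructed storage root
	for _, id := range []string{"team-a", "../../etc", "a/b", ""} { // constructed values
		dir, err := ResolveZoneDir(base, id)
		fmt.Printf("%q: naive=%q hardened=%q err=%v\n", id, NaiveZoneDir(base, id), dir, err)
	}
}
```

Rejecting the request outright, rather than cleaning the value and continuing, keeps a malformed header from ever reaching the file-write path.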