CVE-2026-27730

HIGH8.6EPSS 0.06%

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.sh

發布日:2026/2/25修改日:2026/3/9

描述

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.sh

受影響套件(2)

Go/github.com/esm-dev/esm.shfrom 0, < 0.0.0-20250616164159-0593516c4cfa
Go/github.com/esm-dev/esm.shfrom 0, < 0.0.0-20250616164159-0593516c4cfa

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

參考連結(6)