Kelbyludwig

**Name of the Vulnerable Software and Affected Versions** esm.sh versions prior to 0.0.0-20260116051925-c62ab83c589e **Description** esm.sh is a content delivery network for web development. Versions prior to pseudoversion 0.0.0-20260116051925-c62ab83c589e contain a path traversal issue. The issue stems from an incomplete fix where `path.Clean` normalizes a path but does not prevent absolute paths within a malicious tar file. **Recommendations** Update to version 0.0.0-20260116051925-c62ab83c589e or later.