PT-2021-24435 · Esbuild · Esbuild
Published: 2021-05-28 · Updated: 2021-05-28
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
esbuild target or command versions prior to 1.0.0
Description:
The issue allows attackers to maliciously change project settings through code or option injection, potentially damaging the project. This can be done by exploiting the command line option.
Recommendations:
For versions prior to 1.0.0, update to version 1.0.0 or later, as it uses a proper method to pass configs to esbuild/estrella, thus resolving the issue.
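The difference between interpolating project settings into a command line and passing them as a structured config, as an added example (not code from esbuild or from the affected project). The settings shape, the sample values and all function names are hypothetical; `entryPoints`, `bundle` and `outfile` are options of esbuild's JavaScript build API.

```javascript
// Constructed sample settings. In the tampered copy, `outfile` carries
// extra text that a command line would read as additional options.
const cleanSettings = { entry: "src/index.js", outfile: "dist/out.js" };
const tamperedSettings = {
  entry: "src/index.js",
  outfile: "dist/out.js --minify --external:fs",
};

// Weak pattern: every setting is pasted into one command-line string.
function buildCommandString(s) {
  return `esbuild ${s.entry} --bundle --outfile=${s.outfile}`;
}

// The words a whitespace-splitting launcher would pass on as arguments.
function wordsSeen(commandString) {
  return commandString.split(/\s+/).filter(Boolean);
}

// Number of words the tool would treat as options.
function countOptions(words) {
  return words.filter((w) => w.startsWith("--")).length;
}

// Safer pattern: each setting is validated and stays a single field of a
// config object, so it is never re-parsed as command-line text.
function buildConfig(s) {
  for (const key of ["entry", "outfile"]) {
    const v = s[key];
    if (typeof v !== "string" || v.length === 0) {
      throw new TypeError(`${key} must be a non-empty string`);
    }
    if (v.startsWith("-")) {
      throw new Error(`${key} looks like an option, not a path`);
    }
    if (/[\s;&|`$<>]/.test(v)) {
      throw new Error(`${key} contains whitespace or shell metacharacters`);
    }
  }
  return { entryPoints: [s.entry], bundle: true, outfile: s.outfile };
}
```

With the string form, the tampered settings produce four options instead of the intended two; `buildConfig` rejects the same input before anything is launched.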
Command Injection
Affected Products
Esbuild