GHSA-67mh-4wv8-2f99: esbuild enables any website to send any requests to the development server and read the response

February 10, 2025

esbuild allows any websites to send any request to the development server and read the response due to default CORS settings.

References

github.com/advisories/GHSA-67mh-4wv8-2f99
github.com/evanw/esbuild
github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d
github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99

Code Behaviors & Features

Detect and mitigate GHSA-67mh-4wv8-2f99 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →