Skip to content

[0.81]Component Governance critical alert Upgrade esbuild from 0.23.1 to 0.25.0 to fix the vulnerability. #15459

New issue
New issue
Open
Bug
Open
[0.81]Component Governance critical alert Upgrade esbuild from 0.23.1 to 0.25.0 to fix the vulnerability.#15459
Bug
Labels
bugsecurityPull requests that address a security vulnerability
Milestone
0.82
@HariniMalothu17

Description

@HariniMalothu17
HariniMalothu17
opened on Dec 8, 2025

Summary
esbuild allows any websites to send any request to the development server and read the response due to default CORS settings.

Details
esbuild sets Access-Control-Allow-Origin: * header to all requests, including the SSE connection, which allows any websites to send any request to the development server and read the response.
Recommendation
Upgrade esbuild from 0.23.1 to 0.25.0 to fix the vulnerability.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugsecurityPull requests that address a security vulnerability

    Type

    Bug

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions