react-native-windows icon indicating copy to clipboard operation
react-native-windows copied to clipboard
verified publisher icon microsoft

[0.81]Component Governance critical alert Upgrade esbuild from 0.23.1 to 0.25.0 to fix the vulnerability.

Open HariniMalothu17 opened this issue 1 month ago • 0 comments

Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings.

Details esbuild sets Access-Control-Allow-Origin: * header to all requests, including the SSE connection, which allows any websites to send any request to the development server and read the response. Recommendation Upgrade esbuild from 0.23.1 to 0.25.0 to fix the vulnerability.

HariniMalothu17 avatar Dec 08 '25 09:12 HariniMalothu17