Directory traversal in convert-svg-core
High severity
GitHub Reviewed
Published
Jun 11, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jun 10, 2022
Published to the GitHub Advisory Database
Jun 11, 2022
Reviewed
Jun 17, 2022
Last updated
Jan 27, 2023
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
References