DRUPAL-CONTRIB-2020-005

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/svg_formatter/DRUPAL-CONTRIB-2020-005.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-005
Published
2020-03-04T17:06:57Z
Modified
2025-12-10T23:30:54.435186Z
Summary
[none]
Details

The SVG Formatter module provides support for using SVG images on your website.

This security release fixes third-party dependencies included in or required by SVG Formatter. The issue fixed is an XSS bypass using entities and tab.

This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files.


Affected packages

Packagist:https://packages.drupal.org/8 / drupal/svg_formatter

Package

Name
drupal/svg_formatter
Purl
pkg:composer/drupal/svg_formatter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.12.0
Database specific
{
    "constraint": "<1.12.0"
}

Database specific

affected_versions
"<1.12.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/svg_formatter/DRUPAL-CONTRIB-2020-005.json"