The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
{ "nvd_published_at": "2022-06-10T20:15:00Z", "github_reviewed_at": "2022-06-17T00:56:38Z", "github_reviewed": true, "cwe_ids": [ "CWE-22" ], "severity": "HIGH" }