GHSA-5f47-rcg5-9m24
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5f47-rcg5-9m24
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-5f47-rcg5-9m24/GHSA-5f47-rcg5-9m24.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5f47-rcg5-9m24
- Aliases
- Published
- 2022-06-11T00:00:18Z
- Modified
- 2025-01-14T10:56:57.191623Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Directory traversal in convert-svg-core
- Details
-
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
- Database specific
{ "nvd_published_at": "2022-06-10T20:15:00Z", "github_reviewed_at": "2022-06-17T00:56:38Z", "github_reviewed": true, "cwe_ids": [ "CWE-22" ], "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-24278
- https://github.com/neocotic/convert-svg/issues/86
- https://github.com/neocotic/convert-svg/pull/87
- https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5
- https://github.com/neocotic/convert-svg
- https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830
Affected packages
npm / convert-svg-core
Package
- Name
- convert-svg-core
- View open source insights on deps.dev
- Purl
- pkg:npm/convert-svg-core