UBUNTU-CVE-2026-15697

Source
https://ubuntu.com/security/CVE-2026-15697
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15697.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-15697
Upstream
Published
2026-07-14T16:16:00Z
Modified
2026-07-15T19:46:14.826369304Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Ubuntu:26.04:LTS / node-svgdotjs-svg.js

Package

Name
node-svgdotjs-svg.js
Purl
pkg:deb/ubuntu/node-svgdotjs-svg.js?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.2.4-5
3.2.5+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.2.5+dfsg-1",
            "binary_name": "node-svgdotjs-svg.js"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15697.json"