RSS   Vulnerabilities for 'Convert-svg-core'   RSS

2022-06-10
 
CVE-2022-24429

CWE-94
 

 
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.

 
2022-01-21
 
CVE-2021-23631

CWE-22
 

 
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.

 


Copyright 2024, cxsecurity.com

 

Back to Top