CVE-2022-24278

GHSA-5f47-rcg5-9m24, CVE-2022-24278

npm/convert-svg-core

Directory-traversal in convert-svg-core

The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.

All versions before 0.6.4

Upgrade to version 0.6.4 or above.

2022-06-17