CVE-2022-24278

Directory-traversal in convert-svg-core in npm/convert-svg-core

Identifiers

GHSA-5f47-rcg5-9m24, CVE-2022-24278

Package Slug

npm/convert-svg-core

Vulnerability

Directory-traversal in convert-svg-core

Description

The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.

Affected Versions

All versions before 0.6.4

Solution

Upgrade to version 0.6.4 or above.

Last Modified

2022-06-17

source