CVE-2022-25759

Improper Control of Generation of Code ('Code Injection') in npm/convert-svg-core

Identifiers

CVE-2022-25759

Package Slug

npm/convert-svg-core

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.

Affected Versions

All versions before 0.6.2

Solution

Upgrade to version 0.6.2 or above.

Last Modified

2022-07-26

source