CVE-2022-25759
npm/convert-svg-core
Improper Control of Generation of Code ('Code Injection')
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.
All versions before 0.6.2
Upgrade to version 0.6.2 or above.
2022-07-26
source |