CVE-2022-25759
Improper Control of Generation of Code ('Code Injection') in npm/convert-svg-core
Identifiers
CVE-2022-25759
Package Slug
npm/convert-svg-core
Vulnerability
Improper Control of Generation of Code ('Code Injection')
Description
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.
Affected Versions
All versions before 0.6.2
Solution
Upgrade to version 0.6.2 or above.
Last Modified
2022-07-26
| source |