CVE-2022-32115

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/idno/known

Identifiers

GHSA-5jgj-h9wp-53fr, CVE-2022-32115

Package Slug

packagist/idno/known

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.

Affected Versions

All versions up to 1.3.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-07-26

source