Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Octocat.js is a library used to render a set of options into an SVG. Versions prior to 1.2 are subject to JavaScript injection via user provided URLs. Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. This vulnerability was fixed in version 1.2 of octocat.js. As a workaround, writing an image to disk then using …