CVE-2022-24278
Published
CVSS v3
7.5
HIGH
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
Node.js packages for converting SVG into other formats using headless Chromium
GitHub