airmrcr/convert-svg

airmrcr/convert-svg

Releases15

Frequency6 months 2 weeks

Last Release about 1 year ago

Stars200

Node.js packages for converting SVG into other formats using headless Chromium

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-25759 ↗	Jul 22, 2022Friday, 22 July 2022, 20:15	9.9 CRITICAL	—
The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload.
CVE-2022-24429 ↗	Jun 10, 2022Friday, 10 June 2022, 20:15	7.5 HIGH	6.8 MEDIUM
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
CVE-2022-24278 ↗	Jun 10, 2022Friday, 10 June 2022, 20:15	7.5 HIGH	7.5 HIGH
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.