Filtered by vendor Convert-svg-core Project
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24429 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2024-09-17 | 7.5 High |
| The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. | ||||
| CVE-2022-25759 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2024-09-16 | 9.9 Critical |
| The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload. | ||||
| CVE-2021-23631 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2024-09-16 | 7.5 High |
| This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. | ||||
Page 1 of 1.