Convert Svg Core

convert-svg-core

Vendor: Convert Svg Core Project • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-25759 1Convert Svg Core Project 1Convert Svg Core Nov 21, 2024 Jul 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload.
CVE-2022-24429 1Convert Svg Core Project 1Convert Svg Core Nov 21, 2024 Jun 10, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a...Show more The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.Show less
CVE-2021-23631 1Convert Svg Core Project 1Convert Svg Core Nov 21, 2024 Jan 21, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files f...Show more This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.Show less