Lucene search
SnykCVELIST:CVE-2022-24278HistoryJun 10, 2022 - 8:05 p.m.
CVE-2022-24278 Directory Traversal
2022-06-1020:05:32
snyk
www.cve.org
1
cve-2022-24278
directory traversal
svg tags
vulnerable package
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
56.1%
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
CNA Affected
[
{
"product": "convert-svg-core",
"vendor": "n/a",
"versions": [
{
"lessThan": "0.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
github
github
Directory traversal in convert-svg-core
2022-06-11 00:00:18
veracode
veracode
Directory Traversal
2022-06-13 05:39:17
nvd
nvd
CVE-2022-24278
2022-06-10 20:15:07
osv
osv
CVE-2022-24278
2022-06-10 20:15:07
Directory traversal in convert-svg-core
2022-06-11 00:00:18
prion
prion
Directory traversal
2022-06-10 20:15:00
cve
cve
CVE-2022-24278
2022-06-10 20:15:07
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
56.1%
Related for CVELIST:CVE-2022-24278