Lucene search
GoogleOSV:CVE-2022-24429HistoryJun 10, 2022 - 8:15 p.m.
CVE-2022-24429
2022-06-1020:15:08
Google
osv.dev
6
cve-2022-24429
arbitrary code injection
svg file
file system
png file conversion
software
EPSS
0.001
Percentile
50.3%
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
Related
cvelist
cvelist
CVE-2022-24429 Arbitrary Code Injection
2022-06-10 20:00:38
nvd
nvd
CVE-2022-24429
2022-06-10 20:15:08
prion
prion
Code injection
2022-06-10 20:15:00
cve
cve
CVE-2022-24429
2022-06-10 20:15:08
veracode
veracode
Arbitrary Code Injection
2022-06-13 08:03:03
osv
osv
Code injection via SVG file in convert-svg-core
2022-06-11 00:00:17
github
github
Code injection via SVG file in convert-svg-core
2022-06-11 00:00:17