Lucene search
GoogleOSV:GHSA-54PX-MHWV-5V8XHistoryJun 11, 2022 - 12:00 a.m.
Code injection via SVG file in convert-svg-core
2022-06-1100:00:17
Google
osv.dev
10
convert-svg-core
vulnerability
code injection
svg file
file system
software
png file
EPSS
0.001
Percentile
50.3%
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
Related
nvd
nvd
CVE-2022-24429
2022-06-10 20:15:08
cvelist
cvelist
CVE-2022-24429 Arbitrary Code Injection
2022-06-10 20:00:38
osv
osv
CVE-2022-24429
2022-06-10 20:15:08
prion
prion
Code injection
2022-06-10 20:15:00
cve
cve
CVE-2022-24429
2022-06-10 20:15:08
veracode
veracode
Arbitrary Code Injection
2022-06-13 08:03:03
github
github
Code injection via SVG file in convert-svg-core
2022-06-11 00:00:17