EPSS Percentile: 27.5%
enshrined/svg-sanitize is vulnerable to cross-site scripting. The library uses HTML in SVG markup, allowing an attacker to inject and execute malicious JavaScript in the victim's browser, causing system hangs.
github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0
github.com/darylldoyle/svg-sanitizer/issues/71
github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc