Directory Traversal

2022-06-1305:39:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

directory traversal

svg tags

file directories

EPSS

0.002

Percentile

56.1%

JSON

convert-svg-core is vulnerable to directory traversal. The vulnerability exists in Converter.js because the SVG tags are not properly sanitized which allows an attacker to access file directories via a specially crafted SVG file.

References

github.com/advisories/GHSA-5f47-rcg5-9m24

github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5

github.com/neocotic/convert-svg/issues/86

github.com/neocotic/convert-svg/pull/87

EPSS

0.002

Percentile

56.1%

JSON

Related for VERACODE:35955