mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
814 B
814 B
CVE-2022-24429
Description
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
POC
Reference
- https://github.com/neocotic/convert-svg/issues/84
- https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212
Github
No PoCs found on GitHub currently.