4 matches found
CVE-2022-24278
creationtimestamp| type| source ---|---|--- 2022-06-11 00:34:45+00:00| seen| https://t.me/cibsecurity/44219...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24278 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24278 Source advisory: OSV:GHSA-5F47-RCG5-9M24...
CVE-2022-24278 Directory Traversal
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...
CVE-2022-24278
The CVE-2022-24278 entry concerns convert-svg-core