3 matches found
CVE-2022-25759
creationtimestamp| type| source ---|---|--- 2022-07-23 00:00:16+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-5gxc-fxcr-9326 2022-07-23 00:23:46+00:00| seen| https://t.me/cibsecurity/46839 2024-04-23 20:00:31+00:00| seen| https://t.me/arpsyndicate/4775...
CVE-2022-25759
The CVE-2022-25759 issue affects the convert-svg-core npm package, specifically versions before 0.6.2. It enables remote code injection by processing an SVG containing a payload (notably via an onload attribute). Impact is remote code execution when using the vulnerable library in conjunction wit...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-25759 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-25759 Source advisory: SNYK:JS-CONVERTSVGCORE-2849633...