Arbitrary Code Injection
Overview @cocalc/hub is a CoCalc: Backend webserver component Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation A fix was pushed into the mast...