7 matches found
SUSE CVE-2015-0250
XML external entity XXE vulnerability in the SVG to 1 PNG and 2 JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +40 more potentially affected by CVE-2021-23631 via convert-svg-to-png (>=0.3.3 <=0.5.0)
convert-svg-to-png NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =1.0.3, =0.0.1, =1.4.0, =1.5.0 and more Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...
GHSA-JV7G-9G6Q-CXVW Path Traversal in convert-svg packages
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...
CVE-2021-23631
CVE-2021-23631 affects convert-svg-core, convert-svg-to-png, and convert-svg-to-jpeg. A crafted SVG can trigger Directory Traversal via the SVG File Handler, enabling an attacker to read arbitrary filesystem files and render their contents as a PNG/JPEG image. Affected software is the entire vers...
convert-svg 路径遍历漏洞
convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in convert-svg, which can be exploited by an attacker to read an arbitrary file from the filesystem via a carefully constructed SVG file and then display the...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +40 more potentially affected by CVE-2021-23631 via convert-svg-to-png (>=0.3.3 <=0.5.0)
convert-svg-to-png NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =1.0.3, =0.0.1, =1.4.0, =1.5.0 and more Source cves: CVE-2021-23631 Source advisory: SNYK:JS-CONVERTSVGTOPNG-2348244...
PT-2015-4542 · Apache +2 · Apache Batik +2
Name of the Vulnerable Software and Affected Versions: Apache Batik versions 1.x before 1.8 Description: The issue is related to an XML external entity XXE vulnerability in the SVG to PNG and JPG conversion classes. This allows remote attackers to read arbitrary files or cause a denial of service...