Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.4 views

SUSE CVE-2015-0250

XML external entity XXE vulnerability in the SVG to 1 PNG and 2 JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...

6.4CVSS7AI score0.16564EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/01/27 2:4 p.m.4 views

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +40 more potentially affected by CVE-2021-23631 via convert-svg-to-png (>=0.3.3 <=0.5.0)

convert-svg-to-png NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =1.0.3, =0.0.1, =1.4.0, =1.5.0 and more Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...

7.5CVSS7.1AI score0.01978EPSS
Exploits1
OSV
OSV
added 2022/01/27 2:4 p.m.2 views

GHSA-JV7G-9G6Q-CXVW Path Traversal in convert-svg packages

This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...

7.5CVSS5.9AI score0.01978EPSS
Exploits1References6
CVE
CVE
added 2022/01/21 8:5 p.m.87 views

CVE-2021-23631

CVE-2021-23631 affects convert-svg-core, convert-svg-to-png, and convert-svg-to-jpeg. A crafted SVG can trigger Directory Traversal via the SVG File Handler, enabling an attacker to read arbitrary filesystem files and render their contents as a PNG/JPEG image. Affected software is the entire vers...

7.5CVSS7.4AI score0.01978EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/01/21 12:0 a.m.7 views

convert-svg 路径遍历漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in convert-svg, which can be exploited by an attacker to read an arbitrary file from the filesystem via a carefully constructed SVG file and then display the...

7.5CVSS7.4AI score0.01978EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2021/09/05 3:50 p.m.4 views

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +40 more potentially affected by CVE-2021-23631 via convert-svg-to-png (>=0.3.3 <=0.5.0)

convert-svg-to-png NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =1.0.3, =0.0.1, =1.4.0, =1.5.0 and more Source cves: CVE-2021-23631 Source advisory: SNYK:JS-CONVERTSVGTOPNG-2348244...

7.5CVSS7.1AI score0.01978EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2015/03/18 12:0 a.m.3 views

PT-2015-4542 · Apache +2 · Apache Batik +2

Name of the Vulnerable Software and Affected Versions: Apache Batik versions 1.x before 1.8 Description: The issue is related to an XML external entity XXE vulnerability in the SVG to PNG and JPG conversion classes. This allows remote attackers to read arbitrary files or cause a denial of service...

6.4CVSS8.4AI score0.16564EPSS
Exploits1References32
Rows per page
Query Builder