GHSA-XC2R-JF2X-GJR8 external-svg-loader Cross-site Scripting vulnerability
Summary According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in XSS. Details When trying to...