1059 matches found
Malicious code in convert-to-asyncawait (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9786b53801afcf1eba650cb050f41322844210309a7e7d324f5c6177d830a0d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2176 Malicious code in convert-to-asyncawait (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9786b53801afcf1eba650cb050f41322844210309a7e7d324f5c6177d830a0d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Directory traversal in convert-svg-core
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24278 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24278 Source advisory: OSV:GHSA-5F47-RCG5-9M24...
GHSA-5F47-RCG5-9M24 Directory traversal in convert-svg-core
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24429 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24429 Source advisory: OSV:GHSA-54PX-MHWV-5V8X...
GHSA-54PX-MHWV-5V8X Code injection via SVG file in convert-svg-core
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
Code injection via SVG file in convert-svg-core
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
CVE-2022-24278
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...
CVE-2022-24278
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...
CVE-2022-24278
The CVE-2022-24278 entry concerns convert-svg-core
CVE-2022-24429
The CVE-2022-24429 entry concerns convert-svg-core before 0.6.3, which is vulnerable to Arbitrary Code Injection via a specially crafted SVG file. Affected component is the SVG-to-PNG rendering flow; root cause involves improper handling/removal of malicious SVG attributes, enabling an attacker t...
CVE-2022-24429
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
convert-svg 路径遍历漏洞
convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.4 that stems from improper cleaning of SVG tags...
convert-svg 代码注入漏洞
convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.3, which stems from the use of specially crafted SVG files that can read arbitrary files from the file system and the...
Directory Traversal
Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24278 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24278 Source advisory: SNYK:JS-CONVERTSVGCORE-2859830...
Arbitrary Code Injection
Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24429 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24429 Source advisory: SNYK:JS-CONVERTSVGCORE-2859212...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-25759 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-25759 Source advisory: SNYK:JS-CONVERTSVGCORE-2849633...