EUVD-2022-6244

Malicious code in bioql PyPI...

EUVD-2022-5930

Malicious code in bioql PyPI...

GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-25759 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-25759 Source advisory: OSV:GHSA-5GXC-FXCR-9326...

CVE-2022-25759

The CVE-2022-25759 issue affects the convert-svg-core npm package, specifically versions before 0.6.2. It enables remote code injection by processing an SVG containing a payload (notably via an onload attribute). Impact is remote code execution when using the vulnerable library in conjunction wit...

CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

convert-svg 代码注入漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.2, which stems from the fact that by sending SVG files containing payloads, convert-svg-core is vulnerable to remote...

Directory traversal in convert-svg-core

The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24278 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24278 Source advisory: OSV:GHSA-5F47-RCG5-9M24...

GHSA-5F47-RCG5-9M24 Directory traversal in convert-svg-core

The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24429 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24429 Source advisory: OSV:GHSA-54PX-MHWV-5V8X...

GHSA-54PX-MHWV-5V8X Code injection via SVG file in convert-svg-core

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...

Code injection via SVG file in convert-svg-core

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...

CVE-2022-24278

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

CVE-2022-24278

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

CVE-2022-24278

The CVE-2022-24278 entry concerns convert-svg-core

CVE-2022-24429

The CVE-2022-24429 entry concerns convert-svg-core before 0.6.3, which is vulnerable to Arbitrary Code Injection via a specially crafted SVG file. Affected component is the SVG-to-PNG rendering flow; root cause involves improper handling/removal of malicious SVG attributes, enabling an attacker t...

CVE-2022-24429

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...

convert-svg 路径遍历漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.4 that stems from improper cleaning of SVG tags...