4 matches found

OSV
added 2023/08/14 9:32 p.m. | 0 views

GHSA-XC2R-JF2X-GJR8 external-svg-loader Cross-site Scripting vulnerability

Summary: According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons, but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in XSS. Details: When trying to...

CVSS 9.8 | AI score 6 | EPSS 0.00159
Exploits 0 | References 6
Github Security Blog
added 2023/08/14 9:32 p.m. | 13 views

external-svg-loader Cross-site Scripting vulnerability

Summary: According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons, but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in XSS. Details: When trying to...

CVSS 7.1 | AI score 6.3 | EPSS 0.00159
Exploits 0 | References 6 | Affected Software 1
vulnersOsv
added 2023/08/14 9:32 p.m. | 0 views

@maggioli-design-system/mds-icon (=2.0.0-rc.1), esto-es-una-prueba-ui-components (=1.0.0) potentially affected by CVE-2023-40013 via external-svg-loader (>=1.4.0 <=1.6.8)

external-svg-loader NPM version =1.4.0, =1.6.8 is affected by a known vulnerability. The following packages have a transitive dependency on external-svg-loader and may be impacted: - @maggioli-design-system/mds-icon =2.0.0-rc.1 - esto-es-una-prueba-ui-components =1.0.0 Source cves: CVE-2023-40013...

CVSS 7.1 | AI score 6.5 | EPSS 0.00159
Exploits 0
OSV
added 2016/05/07 7:45 a.m. | 9 views

SUSE-SU-2016:1260-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-/policy.xml' bsc978061 - CVE-2016-3714: Insufficient...

CVSS 10 | AI score 6.8 | EPSS 0.93622
Exploits 13 | References 7