@finastra/ssr-pages is vulnerable to path traversal. An attacker can access files outside the expected directory by providing a malicious input to the iconName
parameter in the inlineSVG
function of inlineSVG.helper.js
CPE | Name | Operator | Version |
---|---|---|---|
@finastra/ssr-pages | le | 0.1.3 | |
@finastra/ssr-pages | le | 0.1.3 |