EPSS
Percentile
29.4%
@finastra/ssr-pages is vulnerable to path traversal. An attacker can access files outside the expected directory by providing a malicious input to the iconName parameter in the inlineSVG function of inlineSVG.helper.js
iconName
inlineSVG
inlineSVG.helper.js
github.com/Finastra/ssr-pages/commit/c3e4c563384ae3ba3892f37dd190218577620780
github.com/Finastra/ssr-pages/pull/1
github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8