This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| convert-svg-core(npm) | 0 | N/A | N/A |
| convert-svg-to-png(npm) | 0 | N/A | N/A |
| convert-svg-to-jpeg(npm) | 0 | N/A | N/A |
CVSS Metrics
