Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal
Vulnerability Description
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
convert-svg 路径遍历漏洞
Vulnerability Description
convert-svg是开源的一系列的开源软件,用于将SVG格式的文件转换为其他的格式。 convert-svg 存在安全漏洞,攻击者可利用该漏洞通过精心构建的SVG文件从文件系统中读取任意文件,然后将文件内容显示为转换后的PNG文件。以下产品和版本受到影响:convert-svg-core,convert-svg-to-png,convert-svg-to-jpeg
CVSS Information
N/A
Vulnerability Type
N/A