Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Injection
Vulnerability Description
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
convert-svg 代码注入漏洞
Vulnerability Description
convert-svg是开源的一系列的开源软件,用于将SVG格式的文件转换为其他的格式。 convert-svg 0.6.3 之前的版本存在安全漏洞,该漏洞源于使用特制的 SVG 文件,可以从文件系统中读取任意文件,然后将文件内容显示为转换后的 PNG 文件。
CVSS Information
N/A
Vulnerability Type
N/A