CVE-2019-18857
N/A
N/A
Summary
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/darylldoyle/svg-sanitizer/commit/51ca4b713f3706d6b27769c6296bbc0c28a5bbd0
- https://github.com/darylldoyle/svg-sanitizer/compare/0.11.0…0.12.0
References
- https://github.com/darylldoyle/svg-sanitizer/commit/51ca4b713f3706d6b27769c6296bbc0c28a5bbd0
- https://github.com/darylldoyle/svg-sanitizer/compare/0.11.0…0.12.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.