CVE-2021-23631

Summary

This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.

Affected Software

VendorProductVersion RangeStatus
n/aconvert-svg-core0 < unspecifiedaffected
n/aconvert-svg-to-png0 < unspecifiedaffected
n/aconvert-svg-to-jpeg0 < unspecifiedaffected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References