XSS Bypass

Moderate

darylldoyle published GHSA-fqx8-v33p-4qcc

Feb 13, 2022

Package

enshrined/svg-sanitize (Composer)

Affected versions

< 0.14.1

Patched versions

0.15.0

Description

Impact

This impacts all users of the svg-sanitizer library.

Patches

This issue is fixed in 0.15.0 and higher.

Workarounds

There is currently no workaround available without upgrading.

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory:

Open an issue in Github
Email us at daryll@enshrined.co.uk

Severity

Moderate

6.2

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H