Description
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.
Remediation
References
https://github.com/domenic/svg2png/issues/117
Related Vulnerabilities
CVE-2020-11023 Vulnerability in maven package org.webjars:jquery
CVE-2023-40812 Vulnerability in maven package org.opencrx:opencrx-core-models
CVE-2023-26486 Vulnerability in maven package org.webjars.npm:vega-functions
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:portal-impl
CVE-2022-25912 Vulnerability in maven package org.webjars.npm:simple-git