High severity · NVD Advisory · Published Jun 21, 2021 · Updated Aug 3, 2024
CVE-2021-29059
Description
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDoS) occurs if the application is provided with, and checks, a crafted invalid SVG string.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| is-svg (npm) | >= 2.1.0, < 4.3.0 | 4.3.0 |
Affected products
- IS-SVG/IS-SVG (description)
References
- github.com/advisories/GHSA-r8j5-h5cx-65gg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-29059 (ghsa, ADVISORY)
- github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02 (ghsa, WEB)
- github.com/sindresorhus/is-svg/releases/tag/v4.3.0 (ghsa, x_refsource_MISC, WEB)
- github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md (ghsa, x_refsource_MISC, WEB)
- github.com/yetingli/SaveResults/blob/main/js/is-svg.js (ghsa, x_refsource_MISC, WEB)
- www.npmjs.com/package/is-svg (ghsa, x_refsource_MISC, WEB)