npm package
is-svg
pkg:npm/is-svg
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-29059 | — | >= 2.1.0, < 4.3.0 | 4.3.0 | Jun 21, 2021 | A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. | ||
| CVE-2021-28092 | — | >= 2.1.0, < 4.2.2 | 4.2.2 | Mar 12, 2021 | The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. |
- CVE-2021-29059Jun 21, 2021affected >= 2.1.0, < 4.3.0fixed 4.3.0
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.
- CVE-2021-28092Mar 12, 2021affected >= 2.1.0, < 4.2.2fixed 4.2.2
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.