Security
Headlines

Headlines Latest CVEs

Headline

GHSA-5jgj-h9wp-53fr: Known vulnerable to code execution via SVG file in v1.3.1

An issue in the isSVG() function of Known v1.3.1 allows attackers to execute arbitrary code via a crafted SVG file.

The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev branch of the idno/known repository.

2 years ago

Known vulnerable to code execution via SVG file in v1.3.1

High severity GitHub Reviewed Published Jul 9, 2022 • Updated Jul 15, 2022

Related news

CVE-2022-32115: Known: social publishing for groups and individuals

An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.

2 years ago

#web #js #git #java #auth

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

1 day ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

1 day ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

1 day ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

1 day ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

1 day ago