Описание
Path Traversal in @finastra/ssr-pages
A path traversal issue can occur when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function.
References
Пакеты
Наименование
@finastra/ssr-pages
npm
Затронутые версииВерсия исправления
< 0.1.4
0.1.4
Связанные уязвимости
CVSS3: 7.6
nvd
почти 4 года назад
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4.