PT-2026-58063 · Svgdotjs · Svg.Js

Wjm1

·

Publicado

2026-07-14

·

Atualizado

2026-07-14

·

CVE-2026-15697

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

Correção

Prototype Pollution

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15697

Produtos afetados

Svg.Js