PT-2019-15705 · Svg Sanitize · Svg-Sanitizer

Published: 2019-11-11 · Updated: 2020-08-24 · CVE-2019-18857

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: svg-sanitizer versions prior to 0.12.0
Description: The sanitizer mishandles script and data values in attributes. Whitespace embedded in an attribute value, for example inside the javascript:alert substring, is not normalized before the value is checked, so a value containing a script scheme can pass the check and reach the output, leading to cross-site scripting (XSS).
Recommendations: For versions prior to 0.12.0, update to version 0.12.0 or later to resolve the issue. As a temporary workaround, restrict the values allowed in attributes (in particular URL-bearing attributes) until the update can be applied.
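As an added illustration of the weakness class described above (not svg-sanitizer's own code), the following Python compares a scheme check that looks at the raw attribute value with one that strips whitespace and control characters before testing for a `javascript:` or `data:` prefix. The attribute names, the sample values and the `sanitize_attribute` helper are constructed for this example, and it assumes the attribute value has already been entity-decoded by the XML parser, as it would be inside a DOM-based sanitizer.

```python
import re

# Constructed example, not svg-sanitizer's code: the scheme check on a URL
# attribute (href / xlink:href) before and after whitespace normalisation.

DANGEROUS_SCHEMES = ("javascript:", "data:")

# Browsers discard ASCII whitespace and C0 control characters while parsing a
# URL scheme, so a checker must remove them before comparing prefixes.
_STRIP_RE = re.compile(r"[\x00-\x20]")

# Attribute names treated as URL-bearing in this example (assumption).
URL_ATTRIBUTES = ("href", "xlink:href")


def naive_is_dangerous(value: str) -> bool:
    """Weak check: tests the raw value, so whitespace inside the scheme
    keyword (e.g. a newline between 'java' and 'script') hides it."""
    return value.lower().startswith(DANGEROUS_SCHEMES)


def hardened_is_dangerous(value: str) -> bool:
    """Hardened check: strip whitespace/control characters and lower-case the
    value before the prefix test, so the scheme is recognised however it was
    spaced or cased."""
    normalised = _STRIP_RE.sub("", value).lower()
    return normalised.startswith(DANGEROUS_SCHEMES)


def sanitize_attribute(name: str, value: str):
    """Return the attribute value if acceptable, or None to drop the attribute."""
    if name.lower() in URL_ATTRIBUTES and hardened_is_dangerous(value):
        return None
    return value


def compare_checks(values):
    """Run both checks over the given values; returns {value: (naive, hardened)}."""
    return {v: (naive_is_dangerous(v), hardened_is_dangerous(v)) for v in values}


if __name__ == "__main__":
    # Constructed sample attribute values, including one with a newline in the
    # scheme keyword to show the gap the naive check leaves.
    samples = [
        "https://example.com/image.svg",
        "#marker",
        "javascript:alert(1)",
        "java\nscript:alert(1)",
        "  JavaScript:alert(1)",
        "data:text/html;base64,AAAA",
    ]
    for value, (naive, hardened) in compare_checks(samples).items():
        print(f"{value!r:36} naive={naive!s:5} hardened={hardened}")
```

The only difference between the two functions is the normalisation step; a sanitizer that compares against the raw attribute string is exactly the shape of check the advisory describes as deficient, and the hardened version is the shape of the mitigation, independent of which library performs it.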

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-18857
GHSA-GF8J-V8X5-H9QP

Affected Products

Svg-Sanitizer