PT-2022-16826 · Ssr-Pages · Ssr-Pages

Published

2022-03-01

Updated

2022-03-09

CVE-2022-24718

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions ssr-pages versions prior to 0.1.4

Description ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). A path traversal issue can occur when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function.

Recommendations For versions prior to 0.1.4, update to version 0.1.4 to resolve the issue. As a temporary workaround, consider restricting the input to the svg property to prevent untrusted data from being passed to the build(MessagePageOptions) function.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-24718

GHSA-W6CX-QG2Q-RVQ8

Affected Products

Ssr-Pages

PT-2022-16826 · Ssr-Pages · Ssr-Pages

CVE-2022-24718

Weakness Enumeration

Related Identifiers

Affected Products

References · 10