CVE-2021-23631

Name of the Vulnerable Software and Affected Versions convert-svg-core versions all convert-svg-to-png versions all convert-svg-to-jpeg versions all

Description This issue allows an attacker to read arbitrary files from the file system using a specially crafted SVG file. The attacker could then show the file content as a converted PNG file.

Recommendations For convert-svg-core, consider disabling the SVG conversion functionality until a patch is available. For convert-svg-to-png, restrict access to the PNG conversion module to minimize the risk of exploitation. For convert-svg-to-jpeg, avoid using the JPEG conversion function with untrusted SVG files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.