scratch-svg-renderer
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting scratch-svg-rendererpage 1 of 1
- CVE-2020-27428MEDIUMCVSS 6.1EG 6.12022-01-06
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.
- CVE-2020-7750CRITICALCVSS 9.6EG 9.6✓ Fixed in 0.2.0-prerelease.202010191740082020-10-21
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
Check whether scratch-svg-renderer is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for scratch-svg-renderer CVEs against the assets you own.
Start Free Scan →