NodeJS/is-svg/3.0.0


Check if a string is SVG

https://www.npmjs.com/package/is-svg
MIT

2 Security Vulnerabilities

Regular Expression Denial of Service (ReDoS)

Published date: 2021-03-19T21:25:50Z
CVE: CVE-2021-28092

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input.

Affected versions: ["2.1.0", "3.0.0", "4.0.0", "4.1.0", "4.2.0", "4.2.1"]
Secure versions: [0.1.0, 0.1.1, 0.1.2, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 5.0.0]
Recommendation: Update to version 5.0.0.

ReDOS in IS-SVG

Published date: 2021-12-10T19:02:37Z
CVE: CVE-2021-29059

A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is given a crafted invalid SVG string and checks it.

Affected versions: ["2.1.0", "3.0.0", "4.0.0", "4.1.0", "4.2.0", "4.2.1", "4.2.2"]
Secure versions: [0.1.0, 0.1.1, 0.1.2, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 5.0.0]
Recommendation: Update to version 5.0.0.

22 Other Versions

| Version | License | Security vulnerabilities | Released |
|---|---|---|---|
| 5.0.0 | MIT | | 2023-02-28 - 21:08 about 1 year |
| 4.4.0 | MIT | | 2023-02-28 - 20:54 about 1 year |
| 4.3.2 | MIT | | 2021-11-24 - 11:30 over 2 years |
| 4.3.1 | MIT | | 2021-03-16 - 17:02 about 3 years |
| 4.3.0 | MIT | | 2021-03-16 - 16:38 about 3 years |
| 4.2.2 | MIT | 1 | 2021-03-11 - 09:47 about 3 years |
| 4.2.1 | MIT | 2 | 2020-01-17 - 04:41 about 4 years |
| 4.2.0 | MIT | 2 | 2019-05-30 - 05:55 almost 5 years |
| 4.1.0 | MIT | 2 | 2019-04-05 - 21:28 almost 5 years |
| 4.0.0 | MIT | 2 | 2019-03-06 - 06:54 about 5 years |
| 3.0.0 | MIT | 2 | 2018-02-02 - 02:42 about 6 years |
| 2.1.0 | MIT | 2 | 2016-11-04 - 14:32 over 7 years |
| 2.0.1 | MIT | | 2016-05-09 - 15:12 almost 8 years |
| 2.0.0 | MIT | | 2016-04-21 - 20:32 almost 8 years |
| 1.1.1 | MIT | | 2015-03-23 - 02:34 about 9 years |
| 1.1.0 | MIT | | 2015-03-17 - 15:19 about 9 years |
| 1.0.2 | MIT | | 2015-02-13 - 02:38 about 9 years |
| 1.0.1 | MIT | | 2014-12-09 - 05:16 over 9 years |
| 1.0.0 | MIT | | 2014-08-14 - 14:34 over 9 years |
| 0.1.2 | MIT | | 2014-04-29 - 19:13 almost 10 years |
| 0.1.1 | MIT | | 2014-04-21 - 17:21 almost 10 years |
| 0.1.0 | MIT | | 2014-04-21 - 17:19 almost 10 years |