NodeJS/is-svg/3.0.0
Check if a string is SVG
https://www.npmjs.com/package/is-svg
MIT
2 Security Vulnerabilities
Regular Expression Denial of Service (ReDoS)
Published date: 2021-03-19T21:25:50Z
CVE: CVE-2021-28092
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-28092
- https://github.com/advisories/GHSA-7r28-3m3f-r2pr
- https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b
- https://github.com/sindresorhus/is-svg/releases
- https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2
- https://www.npmjs.com/package/is-svg
- https://security.netapp.com/advisory/ntap-20210513-0008/
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input.
Affected versions:
["2.1.0", "3.0.0", "4.0.0", "4.1.0", "4.2.0", "4.2.1"]
Secure versions:
[0.1.0, 0.1.1, 0.1.2, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 5.0.0]
Recommendation:
Update to version 5.0.0.
ReDOS in IS-SVG
Published date: 2021-12-10T19:02:37Z
CVE: CVE-2021-29059
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-29059
- https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0
- https://github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md
- https://github.com/yetingli/SaveResults/blob/main/js/is-svg.js
- https://www.npmjs.com/package/is-svg
- https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02
- https://github.com/advisories/GHSA-r8j5-h5cx-65gg
A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.
Affected versions:
["2.1.0", "3.0.0", "4.0.0", "4.1.0", "4.2.0", "4.2.1", "4.2.2"]
Secure versions:
[0.1.0, 0.1.1, 0.1.2, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 5.0.0]
Recommendation:
Update to version 5.0.0.
22 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
5.0.0 | MIT | | 2023-02-28 - 21:08 | about 1 year |
4.4.0 | MIT | | 2023-02-28 - 20:54 | about 1 year |
4.3.2 | MIT | | 2021-11-24 - 11:30 | over 2 years |
4.3.1 | MIT | | 2021-03-16 - 17:02 | about 3 years |
4.3.0 | MIT | | 2021-03-16 - 16:38 | about 3 years |
4.2.2 | MIT | 1 | 2021-03-11 - 09:47 | about 3 years |
4.2.1 | MIT | 2 | 2020-01-17 - 04:41 | over 4 years |
4.2.0 | MIT | 2 | 2019-05-30 - 05:55 | almost 5 years |
4.1.0 | MIT | 2 | 2019-04-05 - 21:28 | about 5 years |
4.0.0 | MIT | 2 | 2019-03-06 - 06:54 | about 5 years |
3.0.0 | MIT | 2 | 2018-02-02 - 02:42 | about 6 years |
2.1.0 | MIT | 2 | 2016-11-04 - 14:32 | over 7 years |
2.0.1 | MIT | | 2016-05-09 - 15:12 | almost 8 years |
2.0.0 | MIT | | 2016-04-21 - 20:32 | about 8 years |
1.1.1 | MIT | | 2015-03-23 - 02:34 | about 9 years |
1.1.0 | MIT | | 2015-03-17 - 15:19 | about 9 years |
1.0.2 | MIT | | 2015-02-13 - 02:38 | about 9 years |
1.0.1 | MIT | | 2014-12-09 - 05:16 | over 9 years |
1.0.0 | MIT | | 2014-08-14 - 14:34 | over 9 years |
0.1.2 | MIT | | 2014-04-29 - 19:13 | almost 10 years |
0.1.1 | MIT | | 2014-04-21 - 17:21 | about 10 years |
0.1.0 | MIT | | 2014-04-21 - 17:19 | about 10 years |