CVE-2022-24718 Information

Description

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4 a path traversal issue can occur when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function. While there is no known workaround at this time there is a patch in version 0.1.4.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://github.com/Finastra/ssr-pages/pull/1
https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
