Vulnerability Details CVE-2022-24718
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 4.0
References
- https://github.com/Finastra/ssr-pages/pull/1
- https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
- https://github.com/Finastra/ssr-pages/pull/1
- https://github.com/Finastra/ssr-pages/pull/1/commits/c3e4c563384ae3ba3892f37dd190218577620780
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-w6cx-qg2q-rvq8
Products affected by CVE-2022-24718
-
cpe:2.3:a:finastra:ssr-pages:0.1.0
-
cpe:2.3:a:finastra:ssr-pages:0.1.1
-
cpe:2.3:a:finastra:ssr-pages:0.1.2
-
cpe:2.3:a:finastra:ssr-pages:0.1.3