Mit: >> Scratch-Svg-Renderer >> 0.1.0 Security Vulnerabilities
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
CVSS Score
9.6
EPSS Score
0.07
Published
2020-10-21