CVE-2020-7750

Source
https://cve.org/CVERecord?id=CVE-2020-7750
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7750.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-7750
Aliases
Related
  • SNYK-JS-SCRATCHSVGRENDERER-1020497
Published
2020-10-21T17:15:13.343Z
Modified
2026-03-13T14:42:45.173489Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

References

Affected packages

Git / github.com/llk/scratch-svg-renderer

Affected ranges

Type
GIT
Repo
https://github.com/llk/scratch-svg-renderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201009195807"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201009202925"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201009211507"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201011114003"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201012151417"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201014105708"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201014145347"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201015122106"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201015135047"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0-prerelease20201015194358"
        }
    ]
}
Type
GIT
Repo
https://github.com/scratchfoundation/scratch-svg-renderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.2.0-prerelease.20201009202925
0.2.0-prerelease.20201015122106
0.2.0-prerelease.20201015135047

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease1515799461"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease1515800444"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180117145116"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180117210827"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180118201049"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180118201241"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180118224509"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180124043252"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180124054052"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180210005926"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180329174139"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180423193917"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180508170432"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180510171850"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180510181711"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180511144653"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180514170126"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180521194642"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180524204036"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180524210316"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180531205843"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180531214630"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.0-prerelease20180605140533"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180605154326"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180607141644"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180613184320"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180618172917"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180711180400"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180712223402"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180817005452"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180821210632"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180907141232"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20180926143036"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181017193458"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181024192149"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181101210634"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181126212715"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181212190400"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181212222326"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181212230607"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181213165142"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181213192400"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181218153528"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20181220183040"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190109201344"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190110205335"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190125192231"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190304180800"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190329052730"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190419183947"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190521170426"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190523193400"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190715144718"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190715153806"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190820171249"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190822193232"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20190822202608"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20191031221353"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20191104164753"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20191217211338"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200103191258"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200103211543"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200109070519"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200205003215"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200205003400"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200507183648"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200604203226"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200609210443"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20200610220938"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20201008203328"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20201009194722"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20201013123302"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20201013184332"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20201014130133"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.2.0-prerelease20201016121710"
            }
        ]
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7750.json"