CVE-2020-7750

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7750
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7750.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-7750
Aliases
Related
  • SNYK-JS-SCRATCHSVGRENDERER-1020497
Published
2020-10-21T17:15:13Z
Modified
2025-01-08T10:33:22.208774Z
Summary
[none]
Details

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

References

Affected packages

Git / github.com/llk/scratch-svg-renderer

Affected ranges

Type
GIT
Repo
https://github.com/llk/scratch-svg-renderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1832f390952a1eb3b8da97143a7dff99b96be39d
Last affected
21d8f1668f6a8926280f9a9247b062c8ec6957fd
Last affected
5db68845b6130bf3768998f58ad9c0b778f66217
Last affected
62ea2d4df65fe719336242b9c705f277e368c39d
Last affected
6365e0bed26ff350ac584d2e62f310979a0956bd
Last affected
a2a46638838ad5d518cf80db44e9d44fdc830314
Last affected
af4207f8f70e8291688b49dbe499872719474b5f
Last affected
e37d95be95f2f07fd5a57a6717ce1834f0c5819b
Type
GIT
Repo
https://github.com/scratchfoundation/scratch-svg-renderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9ebf57588aa596c4fa3bb64209e10ade395aee90
Fixed
9ebf57588aa596c4fa3bb64209e10ade395aee90

Affected versions

0.*

0.2.0-prerelease.20201009202925
0.2.0-prerelease.20201009211507
0.2.0-prerelease.20201011114003
0.2.0-prerelease.20201012151417
0.2.0-prerelease.20201014105708
0.2.0-prerelease.20201014145347
0.2.0-prerelease.20201015122106
0.2.0-prerelease.20201015135047