Mit - Scratch-svg-renderer CVE

Filtered by vendor Mit Subscribe

Filtered by product Scratch-svg-renderer

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-7750	1 Mit	1 Scratch-svg-renderer	2020-12-02	6.8 MEDIUM	9.6 CRITICAL
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

Vulnerabilities (CVE)