apexcharts / apexcharts.js

📊 Interactive JavaScript Charts built on SVG
https://apexcharts.com
MIT License

Security vulnerability: update the internal svg.js file #4502

Closed qvitasoyq closed 4 months ago

qvitasoyq commented 4 months ago

Description: The version of the svg.js file used in the project has known security vulnerabilities. To ensure the security and stability of the project, we need to update this file to the latest secure version.

Details:

Vulnerability Description: The current version of svg.js 2.7.1 has a security vulnerability that results in users being redirected to unsafe gambling websites when accessing pages that use svg.js. This behavior could lead to information leakage and a poor user experience.

Vulnerability Impact: Users are redirected to gambling websites, which may expose them to phishing attacks, malware infections, and other security risks.

Current Version: svg.js 2.7.1

Suggested Solution: Update svg.js to the latest version.

Steps to Reproduce:

1. Clone the project repository and install dependencies.
2. Navigate to the path containing the svg.js file.
3. Access a page that uses svg.js and observe if there is a redirection to gambling websites.

Expected Behavior: The project should use the latest version of the svg.js file to avoid known security vulnerabilities and ensure the project's security. Users should not be redirected to unsafe websites when accessing related pages.

Actual Behavior: The current version of the svg.js file used in the project has known security vulnerabilities, causing users to be redirected to gambling websites when accessing related pages.

Appendix: image

brianlagunas commented 4 months ago

Did not provide required reproduction app