vulnerability ssrf
severity 7.5
language javascript
registry other

:book: Description

SVGOMG is SVGO's Missing GUI, aiming to expose the majority, if not all the configuration options of SVGO. This package is vulnerable for (SSRF).

:recycle: Steps To Reproduce-:

  1. download and run latest release from h Or use demo
  2. open payload svg file . Payload used : rc3.svg
<svg xmlns="" xmlns:xlink="" style="position:relative" width="300" height="200" overflow="hidden">
<image x="10" y="10" width="276" height="110" xlink:href="http://localhost:8080/svg"/>
<path d="M0 150h300v10H0z"/>

:telescope: POC

💥 Impact