CVE-2022-24718: 
JavaScript vulnerability analysis and mitigation

ssr-pages is an HTML page builder for server-side rendering (SSR). In versions prior to 0.1.4, a path traversal vulnerability was identified when providing untrusted input to the svg property as an argument to the build(MessagePageOptions) function. The vulnerability was discovered and disclosed on March 1, 2022 (NVD).

The vulnerability is classified as a path traversal issue (CWE-22) that allows improper limitation of a pathname to a restricted directory. The CVSS v3.1 base score is 6.5 (MEDIUM) according to NVD assessment with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, while GitHub's assessment rates it at 7.6 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L (NVD).

The vulnerability could allow attackers to traverse directories and access files outside of the intended directory structure when the svg property is manipulated with untrusted input. This could potentially lead to unauthorized access to sensitive files on the system (NVD).

The vulnerability has been patched in version 0.1.4. Users are recommended to upgrade to this version or later. No other workarounds are currently known (NVD).