Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling @dicebear/converter is a SVG Converter for DiceBear Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `ensureSize` function. An attacker can cause excessive memory allocation and application crashes by injecting specially crafted SVG input that bypasses dimension capping through XML comment injection. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `@dicebear/converter` to version 9.4.2 or higher.	<9.4.2
H Allocation of Resources Without Limits or Throttling @dicebear/converter is a SVG Converter for DiceBear Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `ensureSize` function. An attacker can cause excessive memory allocation by supplying a crafted SVG file with extremely large `width` and `height` attributes to the conversion process, potentially leading to denial of service. This is only exploitable if untrusted or user-supplied SVGs are processed by the conversion functions. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `@dicebear/converter` to version 9.4.0 or higher.	<9.4.0

Allocation of Resources Without Limits or Throttling

@dicebear/converter is a SVG Converter for DiceBear

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation and application crashes by injecting specially crafted SVG input that bypasses dimension capping through XML comment injection.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade @dicebear/converter to version 9.4.2 or higher.

<9.4.2

Allocation of Resources Without Limits or Throttling

@dicebear/converter is a SVG Converter for DiceBear

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation by supplying a crafted SVG file with extremely large width and height attributes to the conversion process, potentially leading to denial of service. This is only exploitable if untrusted or user-supplied SVGs are processed by the conversion functions.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade @dicebear/converter to version 9.4.0 or higher.

<9.4.0

Go back to all versions of this package