An issue in the isSVG() function of Known v1.2.2+2020061101 allows malicious users to execute arbitrary code via a crafted SVG file.
withknown known