CVE-2020-11887

svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.
Source: NIST
CVE-2020-11887