Description
svg_optimizer rubygem external XML entity (XXE) vulnerability
An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.
References
- https://github.com/fnando/svg_optimizer/pull/17
- https://github.com/fnando/svg_optimizer/commit/8244ff25b51a16892496e9d9f7191dba393f7af0
- https://github.com/fnando/svg_optimizer/commit/b1b5013db297494daba5676b9fa4423ffc5e96fa
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/svg_optimizer/CVE-2023-46035.yml
Packages
- Name: svg_optimizer (rubygems)
- Affected versions: = 0.2.6
- Fixed version: 0.3.0
CVE ID
Weaknesses
CWE-611