Description
Sulu vulnerable to XXE in SVG File upload Inspector
Impact
An admin user can upload an SVG file that is parsed with the XML DOM library, which may load external data; in particular, this can be used to reference insecure XML External Entities (XXE).
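As an added illustration of the mitigation (example code, not Sulu's SvgFileInspector or its patch): parse the uploaded SVG with DOMDocument without LIBXML_NOENT or LIBXML_DTDLOAD, and refuse any document whose DTD declares entities or that still contains an entity reference. The function names and the two sample payloads are constructed for this example.

```php
<?php
// Added example, not Sulu's SvgFileInspector or its patch: a hardened SVG check
// that parses with external loading disabled and refuses DTD entity machinery.
// Function names and the sample payloads below are constructed for this page.

final class SvgUploadRejected extends RuntimeException {}

function inspectSvgUpload(string $svg): void
{
    libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // LIBXML_NONET blocks network fetches while parsing. Deliberately absent:
    // LIBXML_NOENT (entity substitution) and LIBXML_DTDLOAD (external DTD fetch),
    // the two options that turn an entity declaration into a file or URL read.
    $ok = $dom->loadXML($svg, LIBXML_NONET);
    libxml_clear_errors();
    if ($ok === false) {
        throw new SvgUploadRejected('not well-formed XML');
    }
    // Plain SVG needs neither an internal subset nor entity declarations; refuse
    // both instead of trying to judge whether a particular entity is harmless.
    $doctype = $dom->doctype;
    if ($doctype !== null
        && ($doctype->entities->length > 0 || (string) $doctype->internalSubset !== '')) {
        throw new SvgUploadRejected('DTD declares entities or an internal subset');
    }
    if (containsEntityReference($dom)) {
        throw new SvgUploadRejected('document references an entity');
    }
}

// Without LIBXML_NOENT an unexpanded reference survives as a DOMEntityReference
// node, so a tree walk catches a reference even if the DTD check were bypassed.
function containsEntityReference(DOMNode $node): bool
{
    if ($node->nodeType === XML_ENTITY_REF_NODE) {
        return true;
    }
    foreach ($node->childNodes as $child) {
        if (containsEntityReference($child)) {
            return true;
        }
    }
    return false;
}
// Constructed inputs: a benign icon and an upload smuggling an external entity.
$benign  = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>';
$hostile = '<!DOCTYPE svg [<!ENTITY ext SYSTEM "file:///dev/null">]>'
         . '<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>';
inspectSvgUpload($benign);  // accepted silently
try { inspectSvgUpload($hostile); } catch (SvgUploadRejected $e) { echo $e->getMessage(), "\n"; }
```

Legacy SVGs with a plain `PUBLIC` DOCTYPE and no internal subset still pass, since the external DTD is never fetched without LIBXML_DTDLOAD.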
Patches
The problem has not been patched yet. Users should upgrade to patched versions once they become available. Currently affected versions are:
- 2.6.9
- 2.5.25
- 3.0.0-alpha3
Workarounds
Patch the affected file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` in sulu with:
References
- GitHub repository: https://github.com/sulu/sulu
- Vulnerable code: https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php
Packages
| Package | Affected versions | Patched version |
|---|---|---|
| sulu/sulu | >= 2.5.21, < 2.5.25 | 2.5.25 |
| sulu/sulu | >= 2.6.5, < 2.6.9 | 2.6.9 |
| sulu/sulu | >= 3.0.0-alpha1, < 3.0.0-alpha3 | 3.0.0-alpha3 |
Related vulnerabilities
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload an SVG file which may load external data via the XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the affected file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.