GHSA-fqx8-v33p-4qcc

Published: 14 Feb 2022
Source: github
GitHub: reviewed
CVSS3: 6.2

Description

Cross-site Scripting in enshrined/svg-sanitize

Impact

SVG sanitizer library before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML (fetched as text/html) was susceptible to cross-site scripting. Plain SVG files (fetched as image/svg+xml) were not affected. The asymmetry comes from the two parsers involved: an XML parser treats the contents of a CDATA section as character data, so markup inside it never appears as an element for the sanitizer's whitelist to reject, whereas an HTML parser only recognizes CDATA sections in foreign (SVG or MathML) content and otherwise treats `<![CDATA[` as a bogus comment that ends at the next `>`, tokenizing whatever follows as ordinary markup.
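The following is an added example, not code from enshrined/svg-sanitize or from the advisory. It builds a toy DOM-walking sanitizer in the style of the library (the whitelist, the `sanitize` and `_clean` helpers and the payload are all constructed for illustration), runs it with and without a CDATA fix, and pairs it with a deliberately simplified model of the HTML5 tokenizer decision (`html_tokens`) to show why the surviving CDATA is harmless to an XML consumer but dangerous once the same bytes are parsed as text/html. The payload's use of an SVG integration point (`<desc>`) is one constructed way to reach an HTML-namespace element; the exact embedding context in the real reports is not stated on this page.

```python
"""Added example, not code from enshrined/svg-sanitize: a toy DOM-based SVG sanitizer in the
style of the library, run with and without a CDATA fix, next to a simplified model of the
HTML5 tokenizer decision that makes the surviving CDATA dangerous in text/html only."""
import re
import xml.dom.minidom as minidom
from xml.dom import Node

# Toy element whitelist (assumption; the real library ships a much longer list).
ALLOWED_TAGS = {"svg", "g", "rect", "circle", "path", "a", "desc", "title", "text"}

# Constructed payload: a real <script> element, which any DOM-walking sanitizer removes,
# plus HTML markup hidden in a CDATA section. An XML parser treats CDATA content as
# character data, so no <img> element ever exists in the DOM for the whitelist to reject.
PAYLOAD = (
    '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script>'
    '<desc><a><![CDATA[><img src=x onerror=alert(1)>]]></a></desc></svg>'
)


def sanitize(svg: str, neutralize_cdata: bool) -> str:
    """Drop non-whitelisted elements. neutralize_cdata=False models versions < 0.15.0."""
    doc = minidom.parseString(svg)
    _clean(doc, doc.documentElement, neutralize_cdata)
    return doc.documentElement.toxml()


def _clean(doc, node, neutralize_cdata: bool) -> None:
    for child in list(node.childNodes):  # copy: the list is mutated while iterating
        if child.nodeType == Node.ELEMENT_NODE:
            if child.tagName.lower() not in ALLOWED_TAGS:
                node.removeChild(child)
            else:
                _clean(doc, child, neutralize_cdata)
        elif child.nodeType == Node.CDATA_SECTION_NODE and neutralize_cdata:
            # Fix: demote the CDATA section to an ordinary text node. The serializer
            # then escapes '<' and '>' (&lt;, &gt;), so the data can never become markup.
            node.replaceChild(doc.createTextNode(child.data), child)


SVG_INTEGRATION_POINTS = {"desc", "title", "foreignobject"}
VOID_ELEMENTS = {"img", "br", "hr", "input"}
TAG_RE = re.compile(r"<(/?)([A-Za-z][^\s/>]*)")


def html_tokens(markup: str) -> list:
    """Simplified model of the HTML5 tokenizer/tree builder, just enough for this bug:
    <svg> opens foreign content; children of an SVG integration point (desc, title,
    foreignObject) are HTML elements; '<![CDATA[' starts a CDATA section only while the
    current element is foreign, otherwise it is a bogus comment ending at the next '>'
    and tokenizing resumes with whatever follows."""
    stack, tokens, i = [], [], 0  # stack holds (name, is_foreign)
    while i < len(markup):
        if markup.startswith("<![CDATA[", i):
            if stack and stack[-1][1]:
                end = markup.find("]]>", i)
                tokens.append(("text", markup[i + 9:end]))
                i = end + 3
            else:
                end = markup.find(">", i)
                tokens.append(("comment", markup[i + 2:end]))
                i = end + 1
        elif (m := TAG_RE.match(markup, i)):
            closing, name = m.group(1) == "/", m.group(2).lower()
            end = markup.find(">", i)
            if closing:
                if stack and stack[-1][0] == name:
                    stack.pop()
            else:
                parent_foreign = bool(stack) and stack[-1][1]
                at_integration_point = bool(stack) and stack[-1][0] in SVG_INTEGRATION_POINTS
                foreign = name == "svg" or (parent_foreign and not at_integration_point)
                tokens.append(("start-tag", name, "svg" if foreign else "html"))
                if name not in VOID_ELEMENTS:
                    stack.append((name, foreign))
            i = end + 1
        else:
            end = markup.find("<", i + 1)
            end = len(markup) if end == -1 else end
            tokens.append(("text", markup[i:end]))
            i = end
    return tokens


def executes_html_script(markup: str) -> bool:
    """True when the browser model creates an HTML-namespace <img> or <script>, i.e. an
    element whose event handler or content would run."""
    return any(t[0] == "start-tag" and t[2] == "html" and t[1] in {"img", "script"}
               for t in html_tokens(markup))


def xml_has_element(markup: str, name: str) -> bool:
    """How an image/svg+xml consumer sees the output: an XML parse, where CDATA is text."""
    return minidom.parseString(markup).getElementsByTagName(name).length > 0


if __name__ == "__main__":
    for fixed in (False, True):
        out = sanitize(PAYLOAD, fixed)
        print(f"cdata fix={fixed}: {out}")
        print(f"  <img> as XML element: {xml_has_element(out, 'img')}, "
              f"runs script when parsed as text/html: {executes_html_script(out)}")
```

Both runs strip the `<script>` element, and neither output contains an `img` element when re-parsed as XML, which is the image/svg+xml case. Only the unfixed output still carries `<![CDATA[><img src=x onerror=alert(1)>]]>` verbatim, and in the HTML model that sequence becomes a bogus comment followed by a real HTML `img` start tag. Converting the CDATA section to a text node (one possible shape of a fix; the page does not describe the library's actual patch) makes the serializer emit `&lt;img ...&gt;`, which no parser will turn into an element.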

Patches

This issue is fixed in 0.15.0 and higher.

Workarounds

There is currently no workaround available without upgrading.

For more information

If you have any questions or comments about this advisory:

Packages

Name: enshrined/svg-sanitize (composer)
Affected versions: < 0.15.0
Fixed version: 0.15.0

EPSS: 0.00098 (percentile 27%, Low)

CVSS3: 6.2 Medium

Weaknesses: CWE-79

Related vulnerabilities

CVSS3: 6.2
ubuntu
almost 4 years ago

svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

CVSS3: 6.2
nvd
almost 4 years ago

svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
