CVE-2019-18856

Опубликовано: 11 нояб. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.

Ссылки

https://fortiguard.com/zeroday/FG-VD-19-115
Third Party Advisory
https://git.drupalcode.org/project/svg_sanitizer/commit/e1b0666
Patch
Third Party Advisory
https://fortiguard.com/zeroday/FG-VD-19-115
Third Party Advisory
https://git.drupalcode.org/project/svg_sanitizer/commit/e1b0666
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:svg_sanitizer:*:*:*:*:*:drupal:*:*

Версия до 7.x-1.5 (включая)

cpe:2.3:a:drupal:svg_sanitizer:8.x-1.0:alpha1:*:*:*:drupal:*:*

EPSS

Процентиль: 59%

0.00384

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-89wx-w454-grxp

github

больше 3 лет назад