CVE-2022-23638

Опубликовано: 14 фев. 2022

Источник: nvd

CVSS3: 6.2

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the svg-sanitizer library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

Ссылки

https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0
Patch
Third Party Advisory
https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc
Third Party Advisory
https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0
Patch
Third Party Advisory
https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:svg-sanitizer_project:svg-sanitizer:*:*:*:*:*:*:*:*

Версия до 0.15.0 (исключая)

EPSS

Процентиль: 28%

0.00098

Низкий

6.2 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-23638

CVSS3: 6.2

ubuntu

почти 4 года назад

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

GHSA-fqx8-v33p-4qcc

CVSS3: 6.2

github

почти 4 года назад

Cross-site Scripting in enshrined/svg-sanitize

EPSS

Процентиль: 28%

0.00098

Низкий

6.2 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79