Описание
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Ссылки
- Mailing ListNot ApplicableThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Mailing List
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingVendor Advisory
- Release Notes
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Third Party Advisory
- Mailing ListNot ApplicableThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Mailing List
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingVendor Advisory
- Release Notes
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
EPSS
5.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
A directory traversal problem in the URL decoder of librsvg before 2.5 ...
EPSS
5.5 Medium
CVSS3