Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.
Permalink: https://github.com/advisories/GHSA-6hvg-62q8-95v7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 7 months ago
Identifiers: GHSA-6hvg-62q8-95v7, CVE-2023-46035
References:
- https://github.com/fnando/svg_optimizer/pull/17
- https://github.com/fnando/svg_optimizer/commit/8244ff25b51a16892496e9d9f7191dba393f7af0
- https://github.com/fnando/svg_optimizer/commit/b1b5013db297494daba5676b9fa4423ffc5e96fa
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/svg_optimizer/CVE-2023-46035.yml
- https://github.com/advisories/GHSA-6hvg-62q8-95v7
Blast Radius: 0.0
Affected Packages
rubygems:svg_optimizer
Dependent packages: 12Dependent repositories: 63
Downloads: 319,259 total
Affected Version Ranges: = 0.2.6
Fixed in: 0.3.0
All affected versions: 0.2.6
All unaffected versions: 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.3.0