Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2Y2ctOHA3OS1qcGN2

Critical CVSS: 9.3 EPSS: 0.00338% (0.55919 Percentile) EPSS:
Permalink JSON

SVGlib Vulnerable to XXE Attacks

Affected Packages Affected Versions Fixed Versions
pypi:svglib
PURL: pkg:pypi/svglib
<= 0.9.3 0.9.4
93 Dependent packages
1,712 Dependent repositories
3,226,769 Downloads last month

Affected Version Ranges

All affected versions

0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.8.0, 0.8.1, 0.9.0, 0.9.0b0, 0.9.1, 0.9.2, 0.9.3

All unaffected versions

0.9.4, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.

References:

Identifiers

GHSA-3vcg-8p79-jpcv

CVE-2020-10799

Risk

Severity

Critical

CVSS

CVSS Score: 9.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00338

EPSS Percentile: 0.55919

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/deeplook/svglib

Date and time

Published

over 4 years ago

Updated

about 1 year ago

API

JSON