CNNVD-202508-1158 Information

CNNVD ID

CNNVD-202508-1158

CVE-2025-55166

  • CNNVD Published: 2025-08-12

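Description (translated from Chinese)

svg-sanitizer is an SVG file sanitization tool by individual developer Daryll Doyle. Versions of svg-sanitizer before 0.22.0 contain an input validation error vulnerability, which stems from the cleanXlinkHrefs method searching only for lowercase attribute names and may lead to cross-site scripting or links to external domains.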

Description (English)

svg-sanitizer is an SVG file sanitization tool developed by Daryll Doyle, an individual developer. Versions of svg-sanitizer prior to 0.22.0 have an input validation error vulnerability: the cleanXlinkHrefs method searches only for lowercase attribute names, which may lead to cross-site scripting or external domain links.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

Individual developer

Published

2025-08-12

Last Modified

2026-02-24

References

https://github.com/darylldoyle/svg-sanitizer/commit/5a0a1eaf0c6b0b540dc945fe30c93cf106b357c1

https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-22wq-q86m-83fh

Patch

https://github.com/darylldoyle/svg-sanitizer/releases
