CVE-2023-38633 Information
Jul 23, 2023
cve
Description
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area) as demonstrated by href=.?../../../../../../../../../../etc/passwd\ in an xi:include element.
Reference
https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3 https://bugzilla.suse.com/show_bug.cgi?id=1213502 https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
Share on: