CVE-2024-47759 Information

Description

GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-474f-9vpp-xxq5