Skip to content

svg_optimizer rubygem external XML entity (XXE) vulnerability

Moderate severity GitHub Reviewed Published Oct 20, 2023 to the GitHub Advisory Database • Updated Oct 20, 2023

Package

bundler svg_optimizer (RubyGems)

Affected versions

= 0.2.6

Patched versions

0.3.0

Description

An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.

References

Published to the GitHub Advisory Database Oct 20, 2023
Reviewed Oct 20, 2023
Last updated Oct 20, 2023

Severity

Moderate

Weaknesses

CVE ID

CVE-2023-46035

GHSA ID

GHSA-6hvg-62q8-95v7

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.