CVE-2023-1496

Name of the Vulnerable Software and Affected Versions imgproxy versions prior to 3.14.0

Description The issue is related to Cross-site Scripting (XSS) - Reflected, which can be exploited by a remote attacker to perform inter-site script attacks using a specially crafted svg file. This is due to errors in handling data types. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 3.14.0, update to version 3.14.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of svg files in the imgproxy server until a patch is available. Avoid using the imgproxy server for resizing and converting image files from untrusted sources until the issue is resolved.