PT-2023-29810 · Fnando · Svg Optimizer

Published

2023-10-20

Updated

2023-10-20

CVE-2023-46035

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Fnando svg optimizer version 0.2.6

Description The issue allows a remote attacker to escalate privileges when optimizing untrusted SVG content.

Recommendations For Fnando svg optimizer version 0.2.6, update to a version that fixes the privilege escalation issue, as using untrusted SVG content can lead to exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2023-46035

GHSA-6HVG-62Q8-95V7

Affected Products

Svg Optimizer

PT-2023-29810 · Fnando · Svg Optimizer

CVE-2023-46035

Weakness Enumeration

Related Identifiers

Affected Products

References · 6