CVE-2023-38633
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
| Vendor | n/a |
| Product | n/a |
| Published | Jul 22, 2023 |
| Last Updated | Aug 2, 2024 |
Affected Versions
n/a / n/a
n/a
References
- gitlab.gnome.org: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
- bugzilla.suse.com: https://bugzilla.suse.com/show_bug.cgi?id=1213502
- gitlab.gnome.org: https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
- seclists.org: http://seclists.org/fulldisclosure/2023/Jul/43
- openwall.com: http://www.openwall.com/lists/oss-security/2023/07/27/1
- lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/
- lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/
- debian.org: https://www.debian.org/security/2023/dsa-5484
- security.netapp.com: https://security.netapp.com/advisory/ntap-20230831-0011/
- openwall.com: http://www.openwall.com/lists/oss-security/2023/09/06/10
- canva.dev: https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
- news.ycombinator.com: https://news.ycombinator.com/item?id=37415799