Lucene search

K

MitreCVELIST:CVE-2023-38633

HistoryJul 22, 2023 - 12:00 a.m.

CVE-2023-38633

2023-07-2200:00:00

mitre

www.cve.org

1

directory traversal

librsvg

url decoder

disclosure

local attackers

remote attackers

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=“.?../…/…/…/…/…/…/…/…/…/etc/passwd” in an xi:include element.

References

seclists.org/fulldisclosure/2023/Jul/43

www.openwall.com/lists/oss-security/2023/07/27/1

www.openwall.com/lists/oss-security/2023/09/06/10

bugzilla.suse.com/show_bug.cgi?id=1213502

gitlab.gnome.org/GNOME/librsvg/-/issues/996

gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/

news.ycombinator.com/item?id=37415799

security.netapp.com/advisory/ntap-20230831-0011/

www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/

www.debian.org/security/2023/dsa-5484

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

Related for CVELIST:CVE-2023-38633

ubuntucve1 alpinelinux1 nessus17 oraclelinux1 osv4 prion1 rosalinux1 openvas9 almalinux1 ubuntu1 redhat3 cve1 debian1 redhatcve1 fedora2 nvd1 cloudfoundry1 debiancve1 veracode1 mageia1 redos1 ibm1 hp1