AI Score
Confidence
High
EPSS
Percentile
41.3%
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the “xlink:href” attribute due to mishandling of the xlink namespace by the sanitizer.
snyk.io/vuln/SNYK-PHP-ENSHRINEDSVGSANITIZE-536969