EPSS percentile: 41.3%
In enshrined/svg-sanitize versions before 0.13.1, the sanitizer can be bypassed using the “xlink:href” attribute because it mishandles the xlink namespace.
github.com/darylldoyle/svg-sanitizer/commit/6add43e5c5649bc40e3afcb68c522720dcb336f9
nvd.nist.gov/vuln/detail/CVE-2019-10772
snyk.io/vuln/SNYK-PHP-ENSHRINEDSVGSANITIZE-536969