
Commit 275fdc5

1 parent d4e5817 commit 275fdc5


1 file changed

+74
-0
lines changed

Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,74 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6hvg-62q8-95v7",
4+
"modified": "2023-10-20T13:23:32Z",
5+
"published": "2023-10-20T13:23:32Z",
6+
"aliases": [
7+
"CVE-2023-46035"
8+
],
9+
"summary": "svg_optimizer rubygem external XML entity (XXE) vulnerability",
10+
"details": "An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.\n",
11+
"severity": [
12+
13+
],
14+
"affected": [
15+
{
16+
"package": {
17+
"ecosystem": "RubyGems",
18+
"name": "svg_optimizer"
19+
},
20+
"ecosystem_specific": {
21+
"affected_functions": [
22+
""
23+
]
24+
},
25+
"ranges": [
26+
{
27+
"type": "ECOSYSTEM",
28+
"events": [
29+
{
30+
"introduced": "0.2.6"
31+
},
32+
{
33+
"fixed": "0.3.0"
34+
}
35+
]
36+
}
37+
],
38+
"versions": [
39+
"0.2.6"
40+
]
41+
}
42+
],
43+
"references": [
44+
{
45+
"type": "WEB",
46+
"url": "https://github.com/fnando/svg_optimizer/pull/17"
47+
},
48+
{
49+
"type": "WEB",
50+
"url": "https://github.com/fnando/svg_optimizer/commit/8244ff25b51a16892496e9d9f7191dba393f7af0"
51+
},
52+
{
53+
"type": "WEB",
54+
"url": "https://github.com/fnando/svg_optimizer/commit/b1b5013db297494daba5676b9fa4423ffc5e96fa"
55+
},
56+
{
57+
"type": "PACKAGE",
58+
"url": "https://github.com/fnando/svg_optimizer"
59+
},
60+
{
61+
"type": "WEB",
62+
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/svg_optimizer/CVE-2023-46035.yml"
63+
}
64+
],
65+
"database_specific": {
66+
"cwe_ids": [
67+
"CWE-611"
68+
],
69+
"severity": "MODERATE",
70+
"github_reviewed": true,
71+
"github_reviewed_at": "2023-10-20T13:23:32Z",
72+
"nvd_published_at": null
73+
}
74+
}
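Review bot: The `affected_functions` array under `ecosystem_specific` holds a single empty string (`""`), which gives consumers a function entry that matches nothing; either drop the `ecosystem_specific` block or name the affected method there. The top-level `severity` array is empty while `database_specific.severity` says `MODERATE`, so tools that read only the OSV `severity` field get no score for this advisory; add a CVSS entry once one is assigned. The range starts at `"introduced": "0.2.6"` and `versions` lists only `0.2.6`, which tells scanners that earlier releases are unaffected. Nothing on this page establishes that, so confirm it against the two referenced fix commits or widen the range with `"introduced": "0"`. The `details` text speaks of privilege escalation while the summary and `CWE-611` describe XXE; a sentence stating that external entities in untrusted SVG input are resolved during optimization would let readers judge their exposure.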
