CVE-2023-38633
MEDIUM 5.5, EPSS 43.6%
librsvg - security update
Published: 2023/7/22, Modified: 2026/4/28
Description
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Affected packages (2)
- Debian/librsvg from 0, < 2.50.3+dfsg-1+deb11u1
- Debian/librsvg from 0, < 2.50.3+dfsg-1+deb11u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |