CVE-2023-27586

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27586

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27586.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27586

Aliases

Related

Published

2023-03-20T16:15:13Z

Modified

2025-01-14T11:36:36.350247Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.

References

Affected packages

Debian:11 / cairosvg

Package

Name: cairosvg
Purl: pkg:deb/debian/cairosvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-1.1+deb11u1

Affected versions

2.*

2.5.0-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cairosvg

Package

Name: cairosvg
Purl: pkg:deb/debian/cairosvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cairosvg

Package

Name: cairosvg
Purl: pkg:deb/debian/cairosvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kozea/cairosvg

Affected ranges

Type: GIT
Repo: https://github.com/kozea/cairosvg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

12d31c653c0254fa9d9853f66b04ea46e7397255

Fixed

33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53

Affected versions

0.*

0.1

0.1.1

0.1.2

0.2

0.3

0.3.1

0.4

0.4.1

0.4.2

0.4.3

0.4.4

0.5

1.*

1.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.2

1.0.20

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

2.*

2.0.0

2.0.0-rc6

2.0.0rc1

2.0.0rc2

2.0.0rc3

2.0.0rc4

2.0.0rc5

2.0.0rc6

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.2.1

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0