CVE-2023-38633

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38633

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38633.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-38633

Related

Published

2023-07-22T17:15:09Z

Modified

2024-12-05T07:50:01.686850Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

References

Affected packages

Debian:11 / librsvg

Package

Name: librsvg
Purl: pkg:deb/debian/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.3+dfsg-1+deb11u1

Affected versions

2.*

2.50.3+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / librsvg

Package

Name: librsvg
Purl: pkg:deb/debian/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.54.7+dfsg-1~deb12u1

Affected versions

2.*

2.54.5+dfsg-1

2.54.5+dfsg-2

2.54.5+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / librsvg

Package

Name: librsvg
Purl: pkg:deb/debian/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.54.7+dfsg-1

Affected versions

2.*

2.54.5+dfsg-1

2.54.5+dfsg-2

2.54.5+dfsg-3

2.54.7+dfsg-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/librsvg

Affected ranges

Type: GIT
Repo: https://github.com/gnome/librsvg
Events: Introduced

ca640d1185745665c61689b71c627e1d020a80b7

Fixed

f1e76275732f54cad528d41ea83ef7bd9fb06ea5

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/librsvg
Events: Introduced

cc3b2fb0672052721e761ca9dd1c8ab6821cbdf9

Fixed

0ca67e3c81ac67d12ad84bfc34e325e240bb5128

Affected versions

2.*

2.48.0

2.48.1

2.48.10

2.48.2

2.48.3

2.48.4

2.48.5

2.48.6

2.48.7

2.48.8

2.48.9