GHSA-g556-x5vx-qh59

Suggest an improvement
Source
https://github.com/advisories/GHSA-g556-x5vx-qh59
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-g556-x5vx-qh59/GHSA-g556-x5vx-qh59.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g556-x5vx-qh59
Aliases
Published
2018-10-19T16:50:33Z
Modified
2023-11-08T03:58:47.519363Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Android SVG vulnerable to XML External Entity (XXE)
Details

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Database specific 
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:36:09Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ]
}
References

Affected packages

Maven / com.caverock:androidsvg

Package

Name
com.caverock:androidsvg
View open source insights on deps.dev
Purl
pkg:maven/com.caverock/androidsvg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3

Affected versions

1.*

1.0.170
1.1.182
1.2.0
1.2.1
1.2.2-beta-1