JLSEC-2026-512
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-512.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-512.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-512
- Upstream
- Published
- 2026-05-19T01:34:38.069Z
- Modified
- 2026-05-19T01:45:05.867662Z
- Summary
- [none]
- Details
-
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
- Database specific
{ "sources": [ { "id": "CVE-2023-38633", "database_specific": { "status": "Modified" }, "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38633", "imported": "2026-05-19T00:57:42.346Z", "modified": "2024-11-21T08:13:58.380Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-38633", "published": "2023-07-22T17:15:09.810Z" } ], "license": "CC-BY-4.0" }- References
-
- http://seclists.org/fulldisclosure/2023/Jul/43
- http://seclists.org/fulldisclosure/2023/Jul/43
- http://www.openwall.com/lists/oss-security/2023/07/27/1
- http://www.openwall.com/lists/oss-security/2023/07/27/1
- http://www.openwall.com/lists/oss-security/2023/09/06/10
- http://www.openwall.com/lists/oss-security/2023/09/06/10
- https://bugzilla.suse.com/show_bug.cgi?id=1213502
- https://bugzilla.suse.com/show_bug.cgi?id=1213502
- https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
- https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
- https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
- https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/
- https://news.ycombinator.com/item?id=37415799
- https://news.ycombinator.com/item?id=37415799
- https://security.netapp.com/advisory/ntap-20230831-0011/
- https://security.netapp.com/advisory/ntap-20230831-0011/
- https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
- https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
- https://www.debian.org/security/2023/dsa-5484
- https://www.debian.org/security/2023/dsa-5484