High severity · 7.4 · NVD Advisory · Published Mar 16, 2017 · Updated May 13, 2026
CVE-2017-5617
Description
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.kitfox.svg:svg-salamander (Maven) | < 1.1.2 | 1.1.2 |
Affected products
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:kitfox:svg_salamander:-:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- github.com/blackears/svgSalamander/issues/11 · nvd · Patch · Third Party Advisory · WEB
- www.debian.org/security/2017/dsa-3781 · nvd · Third Party Advisory · WEB
- www.openwall.com/lists/oss-security/2017/01/27/3 · nvd · Mailing List · Third Party Advisory · WEB
- www.openwall.com/lists/oss-security/2017/01/29/2 · nvd · Mailing List · Third Party Advisory · WEB
- www.securityfocus.com/bid/95871 · nvd · Third Party Advisory · VDB Entry · WEB
- github.com/advisories/GHSA-h3wv-47xm-4mg6 · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5617 · ghsa · ADVISORY
- security.gentoo.org/glsa/202003-11 · nvd · Third Party Advisory · WEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3V7RIIO3HO4RNDBN2PARLIDAL3RPV2OX · ghsa · WEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPUOI6NCEB6H6YHKN7M4V3CAQD63NXAU · ghsa · WEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3V7RIIO3HO4RNDBN2PARLIDAL3RPV2OX/ · nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPUOI6NCEB6H6YHKN7M4V3CAQD63NXAU/ · nvd