Moderate severity · NVD Advisory · Published Dec 11, 2019 · Updated Aug 4, 2024
CVE-2019-10772
Description
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| enshrined/svg-sanitize (Packagist) | < 0.13.1 | 0.13.1 |
Affected products
- enshrined/svg-sanitize
References
- github.com/advisories/GHSA-8rc5-hx3v-2jg7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-10772 (ghsa, ADVISORY)
- github.com/darylldoyle/svg-sanitizer/commit/6add43e5c5649bc40e3afcb68c522720dcb336f9 (ghsa, WEB)
- snyk.io/vuln/SNYK-PHP-ENSHRINEDSVGSANITIZE-536969 (ghsa, x_refsource_MISC, WEB)