Critical severityNVD Advisory· Published Mar 20, 2020· Updated Aug 4, 2024
CVE-2020-10799
CVE-2020-10799
Description
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
svglibPyPI | < 0.9.4 | 0.9.4 |
Affected products
2- Python/svglibdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3vcg-8p79-jpcvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-10799ghsaADVISORY
- github.com/deeplook/svglib/commit/35686a130ed260c71a382a8f83d41fd31a46704dghsaWEB
- github.com/deeplook/svglib/issues/229ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/svglib/PYSEC-2020-111.yamlghsaWEB
News mentions
0No linked articles in our index yet.