Medium severityGHSA Advisory· Published Oct 20, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability
CVE-2023-46035
Description
An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
svg_optimizerRubyGems | >= 0.2.6, < 0.3.0 | 0.3.0 |
Affected products
2- Range: = 0.2.6
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6hvg-62q8-95v7ghsaADVISORY
- github.com/fnando/svg_optimizer/commit/8244ff25b51a16892496e9d9f7191dba393f7af0ghsaWEB
- github.com/fnando/svg_optimizer/commit/b1b5013db297494daba5676b9fa4423ffc5e96faghsaWEB
- github.com/fnando/svg_optimizer/pull/17ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/svg_optimizer/CVE-2023-46035.ymlghsaWEB
News mentions
0No linked articles in our index yet.