Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38633

UNKNOWN
Published 2023-07-22T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38633. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-jf6v-gw88-w63q

Advisory Details

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38633
WEB https://bugzilla.suse.com/show_bug.cgi?id=1213502
WEB https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
WEB https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC
WEB https://news.ycombinator.com/item?id=37415799
WEB https://security.netapp.com/advisory/ntap-20230831-0011
WEB https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633
WEB https://www.debian.org/security/2023/dsa-5484
WEB http://seclists.org/fulldisclosure/2023/Jul/43
WEB http://www.openwall.com/lists/oss-security/2023/07/27/1
WEB http://www.openwall.com/lists/oss-security/2023/09/06/10

Advisory provided by GitHub Security Advisory Database. Published: July 22, 2023, Modified: January 24, 2024

References

https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
https://bugzilla.suse.com/show_bug.cgi?id=1213502
https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
http://seclists.org/fulldisclosure/2023/Jul/43
http://www.openwall.com/lists/oss-security/2023/07/27/1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/
https://www.debian.org/security/2023/dsa-5484
https://security.netapp.com/advisory/ntap-20230831-0011/
http://www.openwall.com/lists/oss-security/2023/09/06/10
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
https://news.ycombinator.com/item?id=37415799
Published: 2023-07-22T00:00:00
Last Modified: 2024-08-02T17:46:56.600Z
Copied to clipboard!