Date: Fri, 27 Jan 2017 10:51:09 +0300
From: Luc Lynx <luc.lynx@...dex.ru>
To: oss-security@...ts.openwall.com
Subject: SSRF issue in the svgsalamander library

Hello,

There is a Java library for processing SVG files called svgSalamander:
https://github.com/blackears/svgSalamander

It can also be found in Maven:
http://search.maven.org/#search%7Cga%7C1%7Csvg-salamander

If the library is used in a web application, an SSRF issue is possible.
I created a ticket on GitHub:
https://github.com/blackears/svgSalamander/issues/11

The issue seems to be in all versions of the library.

--
LL