Date: Fri, 27 Jan 2017 10:51:09 +0300
From: Luc Lynx <luc.lynx@...dex.ru>
To: oss-security@...ts.openwall.com
Subject: SSRF issue in the svgsalamander library

Hello,

There is a Java library for processing SVG files called svgSalamander:

https://github.com/blackears/svgSalamander

It can also be found in Maven:

http://search.maven.org/#search%7Cga%7C1%7Csvg-salamander

If the library is used in a web application, an SSRF issue is possible. I
created a ticket on GitHub:
https://github.com/blackears/svgSalamander/issues/11

The issue seems to be in all versions of the library.

--
LL
