Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Jan 2017 10:51:09 +0300
From: Luc Lynx <luc.lynx@...dex.ru>
To: oss-security@...ts.openwall.com
Subject: SSRF issue in the svgsalamander library

Hello,

There is a java library for processing svg files called svgSalamander:

https://github.com/blackears/svgSalamander

It can also be found in maven:

http://search.maven.org/#search%7Cga%7C1%7Csvg-salamander

If the library is used in a web application, SSRF isssue is possible. I
created a ticket on github:
https://github.com/blackears/svgSalamander/issues/11

The issue seems to be in all versions of the library.

--
LL

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.