svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
References
| Link | Resource |
|---|---|
| https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0 | Patch, Third Party Advisory |
| https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-02-14T21:10:10
Updated: 2022-02-14T21:10:09
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23638
NVD Information
Status: Analyzed
Published: 2022-02-14T21:15:09.853
Modified: 2022-02-22T21:06:22.237
Link: CVE-2022-23638
Redhat Information
No data.
CWE