CVE-2023-28426

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

23 Mar 2023, 19:15

Type Values Removed Values Added
Summary savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in versions prior to 0.16.0 that allows an attacker to upload an SVG with persistent cross-site scripting. HTML elements within CDATA needed to be sanitized correctly, as we were converting them to a textnode and therefore, the library wasn't seeing them as DOM elements. This issue is fixed in version 0.16.0. Any data within a CDATA node will now be sanitised using HTMLPurifier. The maintainers have also removed many of the HTML and MathML elements from the allowed element list, as without ForiegnObject, they're not legal within the SVG context. There are no known workarounds. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion.
CWE CWE-79
References
  • {'url': 'https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322', 'name': 'https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2', 'name': 'https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2', 'tags': [], 'refsource': 'MISC'}

20 Mar 2023, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-20 14:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-28426

Mitre link : CVE-2023-28426

CVE.ORG link : CVE-2023-28426


JSON object : View

Products Affected

No product.

CWE

No CWE.