oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

SSRF issue in the svgsalamander library

From: Luc Lynx <luc.lynx () yandex ru>
Date: Fri, 27 Jan 2017 10:51:09 +0300
Hello,

There is a java library for processing svg files called svgSalamander:

https://github.com/blackears/svgSalamander

It can also be found in maven:

http://search.maven.org/#search%7Cga%7C1%7Csvg-salamander

If the library is used in a web application, SSRF isssue is possible. I
created a ticket on github:
https://github.com/blackears/svgSalamander/issues/11

The issue seems to be in all versions of the library.

--
LL
Previous By Date Next
Previous By Thread Next

Current thread: