CVE-2023-38633

5.5MEDIUM

Key Information

Vendor: Gnome
Status: Librsvg
Vendor: CVE Published:; 22 July 2023

Summary

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 22, 2023
Vulnerability Reserved.
Jul 21, 2023

Collectors

NVD DatabaseMitre Database