First published: Mon Mar 20 2023(Updated: )
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Courtbouillon Cairosvg | <2.7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.