发布时间: 2023年9月2日
修改时间: 2024年10月31日
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href= .?../../../../../../../../../../etc/passwd in an xi:include element.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 5.5 | 5.5 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-2034 | librsvg2 security update | 2023年9月2日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | librsvg2 | Fixed |
| KY3.4-5A | librsvg2 | Fixed |
| KY3.5.1 | librsvg2 | Fixed |
| KY3.5.2 | librsvg2 | Fixed |
