cve/CVE-2023-38633.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

POC

Reference

http://seclists.org/fulldisclosure/2023/Jul/43
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/

Github

https://github.com/20142995/sectool
https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
https://github.com/Loginsoft-Research/Linux-Exploit-Detection
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/bakery312/Vulhub-Reproduce

1.1 KiB Raw Blame History

CVE-2023-38633

Description

POC

Reference

Github

1.1 KiB

Raw Blame History